ID

VAR-202106-1921


CVE

CVE-2021-23017


TITLE

nginx  Vulnerability in determining boundary conditions in resolver

Trust: 0.8

sources: JVNDB: JVNDB-2021-007625

DESCRIPTION

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network malicious user to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202105-38 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: nginx: Remote code execution Date: May 26, 2021 Bugs: #792087 ID: 202105-38 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in nginx could lead to remote code execution. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/nginx < 1.21.0 >= 1.20.1:0 >= 1.21.0:mainline Description =========== It was discovered that nginx did not properly handle DNS responses when "resolver" directive is used. Workaround ========== There is no known workaround at this time. Resolution ========== All nginx users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.20.1" All nginx mainline users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-servers/nginx-1.21.0:mainline" References ========== [ 1 ] CVE-2021-23017 https://nvd.nist.gov/vuln/detail/CVE-2021-23017 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202105-38 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4967-2 May 27, 2021 nginx vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: nginx could be made to crash or run programs if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: nginx 1.10.3-0ubuntu0.16.04.5+esm1 nginx-common 1.10.3-0ubuntu0.16.04.5+esm1 nginx-core 1.10.3-0ubuntu0.16.04.5+esm1 nginx-extras 1.10.3-0ubuntu0.16.04.5+esm1 nginx-full 1.10.3-0ubuntu0.16.04.5+esm1 nginx-light 1.10.3-0ubuntu0.16.04.5+esm1 Ubuntu 14.04 ESM: nginx 1.4.6-1ubuntu3.9+esm2 nginx-common 1.4.6-1ubuntu3.9+esm2 nginx-core 1.4.6-1ubuntu3.9+esm2 nginx-extras 1.4.6-1ubuntu3.9+esm2 nginx-full 1.4.6-1ubuntu3.9+esm2 nginx-light 1.4.6-1ubuntu3.9+esm2 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx118-nginx security update Advisory ID: RHSA-2021:2258-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2258 Issue date: 2021-06-07 CVE Names: CVE-2021-23017 ===================================================================== 1. Summary: An update for rh-nginx118-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx118-nginx service must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm ppc64le: rh-nginx118-nginx-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.ppc64le.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.ppc64le.rpm s390x: rh-nginx118-nginx-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.s390x.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.s390x.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx118-nginx-1.18.0-3.el7.src.rpm x86_64: rh-nginx118-nginx-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-debuginfo-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-image-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-perl-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-http-xslt-filter-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-mail-1.18.0-3.el7.x86_64.rpm rh-nginx118-nginx-mod-stream-1.18.0-3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYL3MN9zjgjWX9erEAQjMKA//YaSwGZ/DmvwILuYqYNbIGKvcatycisD6 RrS+A7J9QqTEKqC8mZQ/OvfS5TukanQ/jzTNfRuGuO7booPRlhqVxZVLrSgQNaVD 1FV/cQqXhS/FwmrM8wnWdLpsFUXRXsTqiOoUnymzZbSh1VDjB8VZZLjWc7Wnueqy clLQnYtwMT5axzXRJl/JiXs+yJBmzv5igSFMoGXEKDx6DTrWGtZENE1rpumPAjb6 Y3aDzDZYu4Bl9V1FCUOtksWnmP0Xl/kvSL31aUkyYbyi9i0DpQswmdBH4Bl5ulw2 skkKH69ixA1wu+2D128toUy2ZR/MjX88sH3bCahhY1G4ajp0Vl3/p/kM7VVR5uRi KTVNK8FueNIvp8fMp8oYKhZW9It5DzlMa0Q1QcFfsutgf+932up8qJ9o0mQ9AbVK fBYb8F0hYMDI8udy+npgUM0WwwiBQAqzcHmbnYIRt6IK5f/dUOqucugiJFsbyTl2 pIcJty1208RbrDE/ctTcKuyVbHH9pPOHql5rFlJLAh7yYdHWh6J1QhmdA1RNm51h MEgO5OOVUjrV2mye1c8o7EkTzvuhu2RWQ7WyQc6C81ZlcUcjfNnq73vJ9HBNtNT5 hsiDG/UdvY/thIQmqzSFI3z8ALFKPRUcJ91v/fZNRpBTxcsluN91X7XrHIQDNOs9 jVrMgzAG88I= =av6T -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security fixes: * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * helm: information disclosure vulnerability (CVE-2021-32690) Bug fixes: * KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358) * Add columns to the Agent CRD list (BZ# 1977398) * ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081) * RHACM 2.3.3 images (BZ# 1999365) * Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294) * create cluster page empty in Safary Browser (BZ# 2002280) * Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667) * Overview page displays VMware based managed cluster as other (BZ# 2004188) 3. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace 1977398 - [4.8.0] [master] Add columns to the Agent CRD list 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces 1999365 - RHACM 2.3.3 images 2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority 2002280 - create cluster page empty in Safary Browser 2002667 - Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object 2004188 - Overview page displays VMware based managed cluster as other 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. Container updates: * RHACM 2.1.11 images (BZ# 1999375) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The following packages have been upgraded to a later upstream version: nginx (1.20.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4921-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2021-23017 Debian Bug : 989095 Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u4. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8 TjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND wWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS u1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk N5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh iQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV 8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17 ueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW 4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u 8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4 CFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf lhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4= =qxQw -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // PACKETSTORM: 162819 // PACKETSTORM: 162835 // PACKETSTORM: 162851 // PACKETSTORM: 162986 // PACKETSTORM: 163013 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:f5model:nginxscope:ltversion:1.20.1

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:enterprise session border controllerscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:3.4

Trust: 1.0

vendor:oraclemodel:goldengatescope:ltversion:21.4.0.0.0

Trust: 1.0

vendor:oraclemodel:communications fraud monitorscope:lteversion:4.4

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:4.3

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:4.4

Trust: 1.0

vendor:oraclemodel:enterprise telephony fraud monitorscope:eqversion:3.4

Trust: 1.0

vendor:oraclemodel:communications fraud monitorscope:gteversion:3.4

Trust: 1.0

vendor:oraclemodel:communications operations monitorscope:eqversion:4.2

Trust: 1.0

vendor:oraclemodel:enterprise telephony fraud monitorscope:eqversion:4.4

Trust: 1.0

vendor:oraclemodel:enterprise communications brokerscope:eqversion:3.3.0

Trust: 1.0

vendor:oraclemodel:enterprise telephony fraud monitorscope:eqversion:4.3

Trust: 1.0

vendor:oraclemodel:enterprise telephony fraud monitorscope:eqversion:4.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

vendor:oraclemodel:communications control plane monitorscope:eqversion:4.4

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:8.4

Trust: 1.0

vendor:oraclemodel:communications control plane monitorscope:eqversion:3.4

Trust: 1.0

vendor:oraclemodel:communications control plane monitorscope:eqversion:4.3

Trust: 1.0

vendor:openrestymodel:openrestyscope:ltversion:1.19.3.2

Trust: 1.0

vendor:oraclemodel:blockchain platformscope:ltversion:21.1.2

Trust: 1.0

vendor:oraclemodel:communications control plane monitorscope:eqversion:4.2

Trust: 1.0

vendor:f5model:nginxscope:gteversion:0.6.18

Trust: 1.0

vendor:oraclemodel:communications session border controllerscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:enterprise session border controllerscope:eqversion:8.4

Trust: 1.0

vendor:オラクルmodel:oracle communications operations monitorscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle enterprise telephony fraud monitorscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications control plane monitorscope: - version: -

Trust: 0.8

vendor:f5model:nginxscope: - version: -

Trust: 0.8

vendor:netappmodel:ontap select deploy administration utilityscope: - version: -

Trust: 0.8

vendor:openrestymodel:openrestyscope: - version: -

Trust: 0.8

vendor:オラクルmodel:oracle communications fraud monitorscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23017
value: HIGH

Trust: 1.0

NVD: CVE-2021-23017
value: CRITICAL

Trust: 0.8

VULHUB: VHN-381503
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-23017
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23017
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-381503
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-23017
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: 2.2
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-23017
baseSeverity: CRITICAL
baseScore: 9.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

PROBLEMTYPE DATA

problemtype:CWE-193

Trust: 1.1

problemtype:Boundary condition judgment (CWE-193) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-381503 // JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

THREAT TYPE

remote

Trust: 0.3

sources: PACKETSTORM: 162819 // PACKETSTORM: 162835 // PACKETSTORM: 162851

TYPE

arbitrary

Trust: 0.3

sources: PACKETSTORM: 162819 // PACKETSTORM: 162851 // PACKETSTORM: 169062

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-381503

PATCH

title:Oracle Critical Patch Update Advisory - October 2021 Oracle Critical Patch Updateurl:https://support.f5.com/csp/article/K12331123

Trust: 0.8

title:Red Hat: Important: nginx:1.20 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220323 - Security Advisory

Trust: 0.1

title:Debian CVElist Bug Report Logs: nginx: CVE-2021-23017: DNS Resolver off-by-one heap write vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0339ada74619d10f752ff8ffaeb08207

Trust: 0.1

title:Debian Security Advisories: DSA-4921-1 nginx -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d6e7f162f0da2ae62b9b588e4f3e995a

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1507url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1507

Trust: 0.1

title:Red Hat: CVE-2021-23017url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-23017

Trust: 0.1

title:Amazon Linux 2: ALASNGINX1-2023-003url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASNGINX1-2023-003

Trust: 0.1

title:Arch Linux Advisories: [ASA-202106-36] nginx: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-36

Trust: 0.1

title:Arch Linux Advisories: [ASA-202106-48] nginx-mainline: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-48

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-23017 log

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/Logeswark/helmpackage

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/carayev/kubernetes-nginx-ingress

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/Hopecount123/ingress-controller-update

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/Aswinisurya99/ingress-ngininx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/StuartDickenson/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/rohankumardubey/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/ryanarabety/ingress-nginx-Kubernetes

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/doudou147/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/kartikeyaexpd/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/shaundaley39/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/shoebece/nginx-ingress

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/adityamillind98/ngins

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/maksonlee/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/caojian12345/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/msyhu/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/gmk-git/Kubernetes-Ingress

Trust: 0.1

title:CVE-2021-23017url:https://github.com/ShivamDey/CVE-2021-23017

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/MrE-Fog/ingress-nginxx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/luyuehm/ingress-nginx

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/lemonhope-mz/replica_kubernetes-nginx

Trust: 0.1

title:CVE-2021-23017-PoCurl:https://github.com/M507/CVE-2021-23017-PoC

Trust: 0.1

title:CVE-2021-23017-PoCurl:https://github.com/lakshit1212/CVE-2021-23017-PoC

Trust: 0.1

title:Ingress NGINX Controllerurl:https://github.com/zlz4642/ingress-nginx

Trust: 0.1

title:https://github.com/M507/M507url:https://github.com/M507/M507

Trust: 0.1

title:Polysphere Temp Blogurl:https://github.com/eggkingo/polyblog

Trust: 0.1

title:DC:4 Vulnhub Walkthroughurl:https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough

Trust: 0.1

title:https://github.com/teresaweber685/book_listurl:https://github.com/teresaweber685/book_list

Trust: 0.1

title:Mode Switching Frameworkurl:https://github.com/rmtec/modeswitcher

Trust: 0.1

title:https://github.com/bollwarm/SecToolSeturl:https://github.com/bollwarm/SecToolSet

Trust: 0.1

title:PoC in GitHuburl:https://github.com/soosmile/POC

Trust: 0.1

title:PoC in GitHuburl:https://github.com/manas3c/CVE-POC

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-lab/awesome-security

Trust: 0.1

title:Github CVE Monitorurl:https://github.com/khulnasoft-labs/awesome-security

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2022/07/15/cisa_critical_juniper_bugs/

Trust: 0.1

sources: VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625

EXTERNAL IDS

db:NVDid:CVE-2021-23017

Trust: 3.8

db:PACKETSTORMid:167720

Trust: 1.2

db:JVNDBid:JVNDB-2021-007625

Trust: 0.8

db:PACKETSTORMid:163013

Trust: 0.2

db:PACKETSTORMid:162986

Trust: 0.2

db:PACKETSTORMid:162835

Trust: 0.2

db:PACKETSTORMid:165782

Trust: 0.2

db:PACKETSTORMid:162851

Trust: 0.2

db:PACKETSTORMid:164948

Trust: 0.2

db:PACKETSTORMid:162819

Trust: 0.2

db:PACKETSTORMid:162992

Trust: 0.1

db:PACKETSTORMid:162830

Trust: 0.1

db:PACKETSTORMid:163003

Trust: 0.1

db:EXPLOIT-DBid:50973

Trust: 0.1

db:VULHUBid:VHN-381503

Trust: 0.1

db:VULMONid:CVE-2021-23017

Trust: 0.1

db:PACKETSTORMid:164562

Trust: 0.1

db:PACKETSTORMid:164282

Trust: 0.1

db:PACKETSTORMid:169062

Trust: 0.1

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // PACKETSTORM: 162819 // PACKETSTORM: 162835 // PACKETSTORM: 162851 // PACKETSTORM: 162986 // PACKETSTORM: 163013 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062 // NVD: CVE-2021-23017

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-23017

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20210708-0006/

Trust: 1.2

url:http://packetstormsecurity.com/files/167720/nginx-1.20.0-denial-of-service.html

Trust: 1.2

url:http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.2

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.2

url:https://support.f5.com/csp/article/k12331123%2c

Trust: 1.1

url:https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3cnotifications.apisix.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2021-23017

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.6

url:https://bugzilla.redhat.com/):

Trust: 0.6

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22922

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-36222

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-37750

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22923

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22924

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22922

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22924

Trust: 0.3

url:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-36222

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-22923

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:0323

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-4967-1

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32626

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32687

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32626

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32675

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3653

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3656

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-37750

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32675

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41099

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3653

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32627

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32687

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32690

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32628

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-32672

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32690

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32627

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32672

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-32628

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/

Trust: 0.1

url:https://support.f5.com/csp/article/k12331123,

Trust: 0.1

url:https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3cnotifications.apisix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3cnotifications.apisix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3cnotifications.apisix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3cnotifications.apisix.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3cnotifications.apisix.apache.org%3e

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/193.html

Trust: 0.1

url:https://github.com/logeswark/helmpackage

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/gmk-git/kubernetes-ingress

Trust: 0.1

url:https://www.debian.org/security/2021/dsa-4921

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2021-1507.html

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu2.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu8.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/nginx/1.14.0-0ubuntu1.9

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/glsa/202105-38

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4967-2

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2258

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2290

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22543

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41099

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-25741

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-21671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-4658

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3925

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-37576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-21671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-25741

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-37576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31535

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3653

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32399

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29650

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27777

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29154

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32399

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-29650

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22555

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-31535

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22555

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33929

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-0512

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3733

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33930

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4618

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3733

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-36385

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-32804

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33938

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36385

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32804

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-22946

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3711

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33930

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-22946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-32803

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33928

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/nginx

Trust: 0.1

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // PACKETSTORM: 162819 // PACKETSTORM: 162835 // PACKETSTORM: 162851 // PACKETSTORM: 162986 // PACKETSTORM: 163013 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062 // NVD: CVE-2021-23017

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 162986 // PACKETSTORM: 163013 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782

SOURCES

db:VULHUBid:VHN-381503
db:VULMONid:CVE-2021-23017
db:JVNDBid:JVNDB-2021-007625
db:PACKETSTORMid:162819
db:PACKETSTORMid:162835
db:PACKETSTORMid:162851
db:PACKETSTORMid:162986
db:PACKETSTORMid:163013
db:PACKETSTORMid:164562
db:PACKETSTORMid:164282
db:PACKETSTORMid:164948
db:PACKETSTORMid:165782
db:PACKETSTORMid:169062
db:NVDid:CVE-2021-23017

LAST UPDATE DATE

2024-11-22T19:56:55.621000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-381503date:2022-09-14T00:00:00
db:VULMONid:CVE-2021-23017date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2021-007625date:2022-02-18T01:21:00
db:NVDid:CVE-2021-23017date:2023-11-07T03:30:29.880

SOURCES RELEASE DATE

db:VULHUBid:VHN-381503date:2021-06-01T00:00:00
db:VULMONid:CVE-2021-23017date:2021-06-01T00:00:00
db:JVNDBid:JVNDB-2021-007625date:2022-02-18T00:00:00
db:PACKETSTORMid:162819date:2021-05-26T17:36:43
db:PACKETSTORMid:162835date:2021-05-27T13:28:42
db:PACKETSTORMid:162851date:2021-05-28T14:11:38
db:PACKETSTORMid:162986date:2021-06-07T13:45:14
db:PACKETSTORMid:163013date:2021-06-08T14:13:55
db:PACKETSTORMid:164562date:2021-10-20T15:45:47
db:PACKETSTORMid:164282date:2021-09-24T15:49:04
db:PACKETSTORMid:164948date:2021-11-12T17:01:04
db:PACKETSTORMid:165782date:2022-01-31T16:24:54
db:PACKETSTORMid:169062date:2021-05-28T19:12:00
db:NVDid:CVE-2021-23017date:2021-06-01T13:15:07.853