Details of VAR-202106-1921

ID

VAR-202106-1921

CVE

CVE-2021-23017

TITLE

nginx Vulnerability in determining boundary conditions in resolver

Trust: 0.8

sources: JVNDB: JVNDB-2021-007625

DESCRIPTION

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. nginx The resolver contains a vulnerability in determining boundary conditions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx Company in the United States. A security flaw in nginx stems from a bug that could allow a remote attacker to execute arbitrary code on a target system. Affected products and versions are as follows: nginx: 0.6.18, 0.6.19 0.6.20, 0.6.21, 0.6.22 0.6.23, 0.6.24, 0.6.25, 0.6.26, 0.6.27, 0.6. A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network malicious user to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-23017). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: rh-nginx116-nginx security update Advisory ID: RHSA-2021:2278-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:2278 Issue date: 2021-06-07 CVE Names: CVE-2021-23017 ==================================================================== 1. Summary: An update for rh-nginx116-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fix(es): * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The rh-nginx116-nginx service must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm ppc64le: rh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm s390x: rh-nginx116-nginx-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm ppc64le: rh-nginx116-nginx-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.ppc64le.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.ppc64le.rpm s390x: rh-nginx116-nginx-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.s390x.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.s390x.rpm x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: rh-nginx116-nginx-1.16.1-6.el7.src.rpm x86_64: rh-nginx116-nginx-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-debuginfo-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-image-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-perl-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-http-xslt-filter-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-mail-1.16.1-6.el7.x86_64.rpm rh-nginx116-nginx-mod-stream-1.16.1-6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-23017 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYL5eOtzjgjWX9erEAQgQEQ//T7Jz+AN/TKTzw7RA57QI4rVdLkv2hJHC 1cW6/iFbgfYF10HldhRJKBkGpBTPzb4yzt3y4oRDa35GTLw6zXZquosSaC9RXLq+ RKxU93XKaw1K/qAYqq3q9ZemMpL+ce3mXeaEoK8oQQtbdbYO53eqCQBRIdR0ucFE WFJBFrpVXKKKSb6qbvDUWJCIQLlF9YBPjt3RpgSwPXVOu/74Oe6/AutYmpjgKyt1 BIsZ7V2SliQNIBtgmAHq+dzBIuPpPCRtS6zCML/eIs3ZIUU80jbX9guyb1euN2L/ FlrAFUvSpp0Z72LM33qle6D0Zbe6yCxOxi5QjEIUcP735Z8hYxNWs8H+5HDGq3gl pKLGWLUJG0N0kfoK6RHKuDzPuNmAGm5KwNYu0xO+mdMbgj+rzr4lhe5Dz3+qh7o0 DiImaFoHvbilJvUbjUmvTvwL4DMZvk2oKUI6MDxlNp/TyDdwMraZDVhyOpc0frGU hHlLMr4k+gvTQnjlaf+cilYPHfTTRL7/kdPpjWLCcdZ0v68FC5MHcG/pqpRQUFKO xCNEMLixyH/gY8Ymm+047U2i2TITRb1X5rI+nWHBuEWexgie7cNSzfB++WJYIC07 R2tSuGLQP/eZQpSoHZavZ3KJVMKOsH/foI1DYbFn7gyqtP8wqQAhI4klXFYGeXqa O23scR4nPsc\xdc6n -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security fixes: * nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017) * redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) * redis: Integer overflow issue with Streams (CVE-2021-32627) * redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628) * redis: Integer overflow issue with intsets (CVE-2021-32687) * redis: Integer overflow issue with strings (CVE-2021-41099) * redis: Out of bounds read in lua debugger protocol parser (CVE-2021-32672) * redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) * helm: information disclosure vulnerability (CVE-2021-32690) Bug fixes: * KUBE-API: Support move agent to different cluster in the same namespace (BZ# 1977358) * Add columns to the Agent CRD list (BZ# 1977398) * ClusterDeployment controller watches all Secrets from all namespaces (BZ# 1986081) * RHACM 2.3.3 images (BZ# 1999365) * Workaround for Network Manager not supporting nmconnections priority (BZ# 2001294) * create cluster page empty in Safary Browser (BZ# 2002280) * Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object (BZ# 2002667) * Overview page displays VMware based managed cluster as other (BZ# 2004188) 3. Bugs fixed (https://bugzilla.redhat.com/): 1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1977358 - [4.8.0] KUBE-API: Support move agent to different cluster in the same namespace 1977398 - [4.8.0] [master] Add columns to the Agent CRD list 1978144 - CVE-2021-32690 helm: information disclosure vulnerability 1986081 - [4.8.0] ClusterDeployment controller watches all Secrets from all namespaces 1999365 - RHACM 2.3.3 images 2001294 - [4.8.0] Workaround for Network Manager not supporting nmconnections priority 2002280 - create cluster page empty in Safary Browser 2002667 - Compliance state doesn't get updated after fixing the issue causing initially the policy not being able to update the managed object 2004188 - Overview page displays VMware based managed cluster as other 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings 5. Description: Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes. Container updates: * RHACM 2.1.11 images (BZ# 1999375) 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. The following packages have been upgraded to a later upstream version: nginx (1.20.1). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4921-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2021-23017 Debian Bug : 989095 Luis Merino, Markus Vervier and Eric Sesterhenn discovered an off-by-one in Nginx, a high-performance web and reverse proxy server, which could result in denial of service and potentially the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 1.14.2-2+deb10u4. For the detailed security status of nginx please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nginx Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCw3CMACgkQEMKTtsN8 TjYgGA/9FlgRs/kkpLxlnM5ymYDA+WAmc44BiKLajlItjdw54nifSb7WJQifSjND wWz6/1Qc2R84mgovtdReIcgEQDDmm8iCpslsWt4r/iWT5m/tlZhkLhBN1AyhW8VS u1Goqt+hFkz0fZMzv1vf9MwRkUma8SjxNcQdjs4fHzyZAfo+QoV4Ir0I7DIMKkZk N5teHqHIMaDasRZFQSpL8NuZC+JN5EEpB764mV+O/YqVrWeE9QUAnL0FgjcQUnmh iQ5AmMJRtAnQXXu9Qkpx9WtDemHLFHC9JsWEKE3TJAegA4ZhfOo5MZcjesn6EoqV 8rXAAupWzO5/wTxMeulqz4HTLeYPs+jTSONHwT1oG9kgY59jVcNVjg2DcGbG3/17 ueZdGTy70pgLSL6IKILNBgqHh0AqSyyuZmocy07DNGay+HzwuFSBq4RCCved+EPW 4CMtIPSujjPzQqvg15gFNKt/7T2ZfKFR7zVfm0itI6KTjyAhmFhaNYNwWEifX68u 8akhscDlUxmDQG1kbQ2u/IZqWeKG/TpbqaaTrTl6U+Gl1hmRO06Y4AckW1Xwm2r4 CFSO9uHeNte5Vsw+4NlDntzRZOOfJ6qW8x0XF5Vgn7R9mfYPlvIWJgptsgrrijnf lhCPw5JMpzQ4afWlRUvQiaf0lOIySKIfv05wHPtIablmgjIGny4= =qxQw -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // PACKETSTORM: 162992 // PACKETSTORM: 163003 // PACKETSTORM: 163013 // PACKETSTORM: 164523 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062

AFFECTED PRODUCTS

vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	f5	model:	nginx	scope:	lt	version:	1.20.1	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	enterprise session border controller	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	3.4	Trust: 1.0
vendor:	oracle	model:	goldengate	scope:	lt	version:	21.4.0.0.0	Trust: 1.0
vendor:	oracle	model:	communications fraud monitor	scope:	lte	version:	4.4	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	4.3	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	enterprise telephony fraud monitor	scope:	eq	version:	3.4	Trust: 1.0
vendor:	oracle	model:	communications fraud monitor	scope:	gte	version:	3.4	Trust: 1.0
vendor:	oracle	model:	communications operations monitor	scope:	eq	version:	4.2	Trust: 1.0
vendor:	oracle	model:	enterprise telephony fraud monitor	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	enterprise communications broker	scope:	eq	version:	3.3.0	Trust: 1.0
vendor:	oracle	model:	enterprise telephony fraud monitor	scope:	eq	version:	4.3	Trust: 1.0
vendor:	oracle	model:	enterprise telephony fraud monitor	scope:	eq	version:	4.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	oracle	model:	communications control plane monitor	scope:	eq	version:	4.4	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	communications control plane monitor	scope:	eq	version:	3.4	Trust: 1.0
vendor:	oracle	model:	communications control plane monitor	scope:	eq	version:	4.3	Trust: 1.0
vendor:	openresty	model:	openresty	scope:	lt	version:	1.19.3.2	Trust: 1.0
vendor:	oracle	model:	blockchain platform	scope:	lt	version:	21.1.2	Trust: 1.0
vendor:	oracle	model:	communications control plane monitor	scope:	eq	version:	4.2	Trust: 1.0
vendor:	f5	model:	nginx	scope:	gte	version:	0.6.18	Trust: 1.0
vendor:	oracle	model:	communications session border controller	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	enterprise session border controller	scope:	eq	version:	8.4	Trust: 1.0
vendor:	オラクル	model:	oracle communications operations monitor	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle enterprise telephony fraud monitor	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications control plane monitor	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	nginx	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	ontap select deploy administration utility	scope:	-	version:	-	Trust: 0.8
vendor:	openresty	model:	openresty	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle communications fraud monitor	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-23017
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-23017
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202105-1581
value:	HIGH
Trust: 0.6
VULHUB:	VHN-381503
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-23017
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-23017
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-381503
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-23017
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.2
impactScore:	5.5
version:	3.1
Trust: 1.0
NVD:	CVE-2021-23017
baseSeverity:	CRITICAL
baseScore:	9.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // CNNVD: CNNVD-202105-1581 // NVD: CVE-2021-23017

PROBLEMTYPE DATA

problemtype:	CWE-193	Trust: 1.1
problemtype:	Boundary condition judgment (CWE-193) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-381503 // JVNDB: JVNDB-2021-007625 // NVD: CVE-2021-23017

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1581

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202105-1581

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-381503

PATCH

title:	Oracle Critical Patch Update Advisory - October 2021 Oracle Critical Patch Update	url:	https://support.f5.com/csp/article/K12331123	Trust: 0.8
title:	Nginx Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154683	Trust: 0.6
title:	Red Hat: Important: nginx:1.20 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20220323 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: nginx: CVE-2021-23017: DNS Resolver off-by-one heap write vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0339ada74619d10f752ff8ffaeb08207	Trust: 0.1
title:	Debian Security Advisories: DSA-4921-1 nginx -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=d6e7f162f0da2ae62b9b588e4f3e995a	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1507	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1507	Trust: 0.1
title:	Red Hat: CVE-2021-23017	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-23017	Trust: 0.1
title:	Amazon Linux 2: ALASNGINX1-2023-003	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASNGINX1-2023-003	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202106-36] nginx: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-36	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202106-48] nginx-mainline: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202106-48	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-23017 log	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/Logeswark/helmpackage	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/carayev/kubernetes-nginx-ingress	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/Hopecount123/ingress-controller-update	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/Aswinisurya99/ingress-ngininx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/StuartDickenson/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/rohankumardubey/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/ryanarabety/ingress-nginx-Kubernetes	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/doudou147/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/kartikeyaexpd/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/shaundaley39/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/shoebece/nginx-ingress	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/adityamillind98/ngins	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/maksonlee/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/caojian12345/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/msyhu/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/gmk-git/Kubernetes-Ingress	Trust: 0.1
title:	CVE-2021-23017	url:	https://github.com/ShivamDey/CVE-2021-23017	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/MrE-Fog/ingress-nginxx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/luyuehm/ingress-nginx	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/lemonhope-mz/replica_kubernetes-nginx	Trust: 0.1
title:	CVE-2021-23017-PoC	url:	https://github.com/M507/CVE-2021-23017-PoC	Trust: 0.1
title:	CVE-2021-23017-PoC	url:	https://github.com/lakshit1212/CVE-2021-23017-PoC	Trust: 0.1
title:	Ingress NGINX Controller	url:	https://github.com/zlz4642/ingress-nginx	Trust: 0.1
title:	https://github.com/M507/M507	url:	https://github.com/M507/M507	Trust: 0.1
title:	Polysphere Temp Blog	url:	https://github.com/eggkingo/polyblog	Trust: 0.1
title:	DC:4 Vulnhub Walkthrough	url:	https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough	Trust: 0.1
title:	https://github.com/teresaweber685/book_list	url:	https://github.com/teresaweber685/book_list	Trust: 0.1
title:	Mode Switching Framework	url:	https://github.com/rmtec/modeswitcher	Trust: 0.1
title:	https://github.com/bollwarm/SecToolSet	url:	https://github.com/bollwarm/SecToolSet	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/soosmile/POC	Trust: 0.1
title:	PoC in GitHub	url:	https://github.com/manas3c/CVE-POC	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-lab/awesome-security	Trust: 0.1
title:	Github CVE Monitor	url:	https://github.com/khulnasoft-labs/awesome-security	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2022/07/15/cisa_critical_juniper_bugs/	Trust: 0.1

sources: VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // CNNVD: CNNVD-202105-1581

EXTERNAL IDS

db:	NVD	id:	CVE-2021-23017	Trust: 4.3
db:	PACKETSTORM	id:	167720	Trust: 1.8
db:	PACKETSTORM	id:	163013	Trust: 0.8
db:	PACKETSTORM	id:	165782	Trust: 0.8
db:	PACKETSTORM	id:	163003	Trust: 0.8
db:	PACKETSTORM	id:	164948	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-007625	Trust: 0.8
db:	PACKETSTORM	id:	162830	Trust: 0.7
db:	PACKETSTORM	id:	162835	Trust: 0.7
db:	PACKETSTORM	id:	162851	Trust: 0.7
db:	EXPLOIT-DB	id:	50973	Trust: 0.7
db:	PACKETSTORM	id:	164523	Trust: 0.7
db:	PACKETSTORM	id:	164562	Trust: 0.7
db:	PACKETSTORM	id:	164282	Trust: 0.7
db:	CS-HELP	id:	SB2021052543	Trust: 0.6
db:	CS-HELP	id:	SB2022041931	Trust: 0.6
db:	CS-HELP	id:	SB2021092811	Trust: 0.6
db:	CS-HELP	id:	SB2022071833	Trust: 0.6
db:	CS-HELP	id:	SB2021052901	Trust: 0.6
db:	CS-HELP	id:	SB2021060212	Trust: 0.6
db:	CS-HELP	id:	SB2021100722	Trust: 0.6
db:	CS-HELP	id:	SB2022012302	Trust: 0.6
db:	CS-HELP	id:	SB2021052713	Trust: 0.6
db:	CS-HELP	id:	SB2021060719	Trust: 0.6
db:	CS-HELP	id:	SB2021060948	Trust: 0.6
db:	CS-HELP	id:	SB2021061520	Trust: 0.6
db:	CS-HELP	id:	SB2022012747	Trust: 0.6
db:	CS-HELP	id:	SB2021062209	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3878	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1850	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3485	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1936	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1802	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3211	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3430	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1861	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1817	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2027	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1973	Trust: 0.6
db:	CXSECURITY	id:	WLB-2022070032	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1581	Trust: 0.6
db:	PACKETSTORM	id:	162992	Trust: 0.2
db:	PACKETSTORM	id:	162986	Trust: 0.1
db:	PACKETSTORM	id:	162819	Trust: 0.1
db:	VULHUB	id:	VHN-381503	Trust: 0.1
db:	VULMON	id:	CVE-2021-23017	Trust: 0.1
db:	PACKETSTORM	id:	169062	Trust: 0.1

sources: VULHUB: VHN-381503 // VULMON: CVE-2021-23017 // JVNDB: JVNDB-2021-007625 // PACKETSTORM: 162992 // PACKETSTORM: 163003 // PACKETSTORM: 163013 // PACKETSTORM: 164523 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782 // PACKETSTORM: 169062 // CNNVD: CNNVD-202105-1581 // NVD: CVE-2021-23017

REFERENCES

url:	http://packetstormsecurity.com/files/167720/nginx-1.20.0-denial-of-service.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 2.4
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.4
url:	https://security.netapp.com/advisory/ntap-20210708-0006/	Trust: 1.8
url:	http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23017	Trust: 1.7
url:	https://support.f5.com/csp/article/k12331123%2c	Trust: 1.1
url:	https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3cnotifications.apisix.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2021-23017	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7sfvyhc7oxteo4smbwxdvk6e5imeymee/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/gnkop2jr5l7kciztjrzdcupjtuonmc5i/	Trust: 0.7
url:	https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3cnotifications.apisix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3cnotifications.apisix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3cnotifications.apisix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3cnotifications.apisix.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3cnotifications.apisix.apache.org%3e	Trust: 0.7
url:	https://support.f5.com/csp/article/k12331123	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052713	Trust: 0.6
url:	https://packetstormsecurity.com/files/163003/red-hat-security-advisory-2021-2278-01.html	Trust: 0.6
url:	https://vigilance.fr/vulnerability/nginx-buffer-overflow-via-dns-server-response-35526	Trust: 0.6
url:	https://packetstormsecurity.com/files/164282/red-hat-security-advisory-2021-3653-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6492205	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041931	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1802	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-f5-nginx-controller-affect-ibm-cloud-pak-for-automation/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162851/ubuntu-security-notice-usn-4967-2.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060719	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3211	Trust: 0.6
url:	https://packetstormsecurity.com/files/164523/red-hat-security-advisory-2021-3873-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100722	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3430	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022070032	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2027	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1850	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6483657	Trust: 0.6
url:	https://packetstormsecurity.com/files/162835/gentoo-linux-security-advisory-202105-38.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052901	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022071833	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052543	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060948	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1817	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3878	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021062209	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1973	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1936	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50973	Trust: 0.6
url:	https://packetstormsecurity.com/files/164948/red-hat-security-advisory-2021-4618-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012302	Trust: 0.6
url:	https://packetstormsecurity.com/files/163013/red-hat-security-advisory-2021-2290-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021092811	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.3485	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021061520	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1861	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525030	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012747	Trust: 0.6
url:	https://packetstormsecurity.com/files/162830/nginx-1.20.0-dns-resolver-off-by-one-heap-write.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/164562/red-hat-security-advisory-2021-3925-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/165782/red-hat-security-advisory-2022-0323-02.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060212	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22922	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-36222	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-37750	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22923	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22924	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-22922	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-22924	Trust: 0.4
url:	https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36222	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-22923	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-32626	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-32687	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32626	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32675	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3653	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37750	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-32675	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-41099	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3653	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32627	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32687	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32628	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32672	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-32627	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-32672	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-32628	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2022:0323	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41099	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-3656	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3656	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32690	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-32690	Trust: 0.2
url:	https://support.f5.com/csp/article/k12331123,	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/193.html	Trust: 0.1
url:	https://github.com/logeswark/helmpackage	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/gmk-git/kubernetes-ingress	Trust: 0.1
url:	https://www.debian.org/security/2021/dsa-4921	Trust: 0.1
url:	https://alas.aws.amazon.com/alas-2021-1507.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2259	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2278	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:2290	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23434	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3873	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23434	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21670	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-25648	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22543	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21670	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25741	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25648	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21671	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4658	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-4658	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3925	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37576	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-21671	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23841	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-25741	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23841	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23840	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-37576	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-27777	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31535	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3653	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32399	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29650	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27777	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-29154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-32399	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-29650	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22555	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31535	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22555	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22947	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33929	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-0512	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-32803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3733	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33930	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3711	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:4618	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3733	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-36385	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3712	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-32804	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33938	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33929	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-36385	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32804	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22947	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0512	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22946	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3711	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33930	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-22946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33928	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3712	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33938	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-32803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-33928	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nginx	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 162992 // PACKETSTORM: 163003 // PACKETSTORM: 163013 // PACKETSTORM: 164523 // PACKETSTORM: 164562 // PACKETSTORM: 164282 // PACKETSTORM: 164948 // PACKETSTORM: 165782

SOURCES

db:	VULHUB	id:	VHN-381503
db:	VULMON	id:	CVE-2021-23017
db:	JVNDB	id:	JVNDB-2021-007625
db:	PACKETSTORM	id:	162992
db:	PACKETSTORM	id:	163003
db:	PACKETSTORM	id:	163013
db:	PACKETSTORM	id:	164523
db:	PACKETSTORM	id:	164562
db:	PACKETSTORM	id:	164282
db:	PACKETSTORM	id:	164948
db:	PACKETSTORM	id:	165782
db:	PACKETSTORM	id:	169062
db:	CNNVD	id:	CNNVD-202105-1581
db:	NVD	id:	CVE-2021-23017

LAST UPDATE DATE

2024-11-07T21:32:17.126000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-381503	date:	2022-09-14T00:00:00
db:	VULMON	id:	CVE-2021-23017	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-007625	date:	2022-02-18T01:21:00
db:	CNNVD	id:	CNNVD-202105-1581	date:	2022-09-15T00:00:00
db:	NVD	id:	CVE-2021-23017	date:	2023-11-07T03:30:29.880

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-381503	date:	2021-06-01T00:00:00
db:	VULMON	id:	CVE-2021-23017	date:	2021-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-007625	date:	2022-02-18T00:00:00
db:	PACKETSTORM	id:	162992	date:	2021-06-07T13:50:43
db:	PACKETSTORM	id:	163003	date:	2021-06-07T20:59:09
db:	PACKETSTORM	id:	163013	date:	2021-06-08T14:13:55
db:	PACKETSTORM	id:	164523	date:	2021-10-15T15:06:44
db:	PACKETSTORM	id:	164562	date:	2021-10-20T15:45:47
db:	PACKETSTORM	id:	164282	date:	2021-09-24T15:49:04
db:	PACKETSTORM	id:	164948	date:	2021-11-12T17:01:04
db:	PACKETSTORM	id:	165782	date:	2022-01-31T16:24:54
db:	PACKETSTORM	id:	169062	date:	2021-05-28T19:12:00
db:	CNNVD	id:	CNNVD-202105-1581	date:	2021-05-25T00:00:00
db:	NVD	id:	CVE-2021-23017	date:	2021-06-01T13:15:07.853