CVE-2021-23017
First published: Fri May 21 2021(Updated: )
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Nginx | >=0.6.18<1.20.1 | |
| Openresty Openresty | <1.19.3.2 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| NetApp ONTAP Select Deploy administration utility | ||
| Oracle Blockchain Platform | <21.1.2 | |
| Oracle Communications Control Plane Monitor | =3.4 | |
| Oracle Communications Control Plane Monitor | =4.2 | |
| Oracle Communications Control Plane Monitor | =4.3 | |
| Oracle Communications Control Plane Monitor | =4.4 | |
| Oracle Communications Fraud Monitor | >=3.4<=4.4 | |
| Oracle Communications Operations Monitor | =3.4 | |
| Oracle Communications Operations Monitor | =4.2 | |
| Oracle Communications Operations Monitor | =4.3 | |
| Oracle Communications Operations Monitor | =4.4 | |
| Oracle Communications Session Border Controller | =8.4 | |
| Oracle Communications Session Border Controller | =9.0 | |
| Oracle Enterprise Communications Broker | =3.3.0 | |
| Oracle Enterprise Session Border Controller | =8.4 | |
| Oracle Enterprise Session Border Controller | =9.0 | |
| Oracle Enterprise Telephony Fraud Monitor | =3.4 | |
| Oracle Enterprise Telephony Fraud Monitor | =4.2 | |
| Oracle Enterprise Telephony Fraud Monitor | =4.3 | |
| Oracle Enterprise Telephony Fraud Monitor | =4.4 | |
| Oracle GoldenGate | <21.4.0.0.0 | |
| redhat/automation-hub | <0:4.2.5-1.el7 | 0:4.2.5-1.el7 |
| redhat/python-galaxy-ng | <0:4.2.5-2.el7 | 0:4.2.5-2.el7 |
| redhat/python-pulpcore | <0:3.7.6-1.el7 | 0:3.7.6-1.el7 |
| redhat/automation-hub | <0:4.2.5-1.el8 | 0:4.2.5-1.el8 |
| redhat/python-galaxy-ng | <0:4.2.5-2.el8 | 0:4.2.5-2.el8 |
| redhat/python-pulpcore | <0:3.7.6-1.el8 | 0:3.7.6-1.el8 |
| redhat/rh-nginx118-nginx | <1:1.18.0-3.el7 | 1:1.18.0-3.el7 |
| redhat/rh-nginx116-nginx | <1:1.16.1-6.el7 | 1:1.16.1-6.el7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
- http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html
- https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E
- https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E
- https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E
- https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E
- https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/
- https://security.netapp.com/advisory/ntap-20210708-0006/
- https://support.f5.com/csp/article/K12331123,
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.openwall.com/lists/oss-security/2021/05/25/5
- https://nginx.org/download/patch.2021.resolver.txt
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1964821
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1964820
- https://access.redhat.com/errata/RHSA-2021:2258
- https://access.redhat.com/security/cve/cve-2021-23017
- https://access.redhat.com/errata/RHSA-2021:2259
- https://access.redhat.com/errata/RHSA-2021:2278
- https://access.redhat.com/errata/RHSA-2021:2290
- https://access.redhat.com/errata/RHSA-2021:3653
- https://access.redhat.com/errata/RHSA-2021:3873
- https://access.redhat.com/errata/RHSA-2021:3925
- https://access.redhat.com/errata/RHSA-2021:4618
- https://access.redhat.com/errata/RHSA-2022:0323
- https://bugzilla.redhat.com/show_bug.cgi?id=1963121
- https://www.cve.org/CVERecord?id=CVE-2021-23017 https://nvd.nist.gov/vuln/detail/CVE-2021-23017
- https://access.redhat.com/errata/RHSA-2021:3851
- https://access.redhat.com/errata/RHBA-2021:3472
- https://access.redhat.com/errata/RHBA-2021:2955
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID for this security issue in nginx resolver?
The vulnerability ID for this security issue in nginx resolver is CVE-2021-23017.
What is the severity of CVE-2021-23017?
The severity of CVE-2021-23017 is high with a CVSS score of 8.1.
How does the vulnerability in nginx resolver occur?
The vulnerability in nginx resolver is caused by an off-by-one error while processing DNS responses.
What is the potential impact of this vulnerability?
The potential impact of this vulnerability is remote code execution.
How can I fix the vulnerability in nginx resolver?
To fix the vulnerability in nginx resolver, update to version 1.21.0 or 1.20.1 of nginx.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-23017
- agent/software-canonical-lookup
- collector/redhat-cve
- vendor/f5
- canonical/f5 nginx
- version/f5 nginx/0.6.18
- vendor/openresty
- canonical/openresty openresty
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- vendor/netapp
- canonical/netapp ontap select deploy administration utility
- vendor/oracle
- canonical/oracle blockchain platform
- canonical/oracle communications control plane monitor
- version/oracle communications control plane monitor/3.4
- version/oracle communications control plane monitor/4.2
- version/oracle communications control plane monitor/4.3
- version/oracle communications control plane monitor/4.4
- canonical/oracle communications fraud monitor
- version/oracle communications fraud monitor/3.4
- version/oracle communications fraud monitor/4.4
- canonical/oracle communications operations monitor
- version/oracle communications operations monitor/3.4
- version/oracle communications operations monitor/4.2
- version/oracle communications operations monitor/4.3
- version/oracle communications operations monitor/4.4
- canonical/oracle communications session border controller
- version/oracle communications session border controller/8.4
- version/oracle communications session border controller/9.0
- canonical/oracle enterprise communications broker
- version/oracle enterprise communications broker/3.3.0
- canonical/oracle enterprise session border controller
- version/oracle enterprise session border controller/8.4
- version/oracle enterprise session border controller/9.0
- canonical/oracle enterprise telephony fraud monitor
- version/oracle enterprise telephony fraud monitor/3.4
- version/oracle enterprise telephony fraud monitor/4.2
- version/oracle enterprise telephony fraud monitor/4.3
- version/oracle enterprise telephony fraud monitor/4.4
- canonical/oracle goldengate
- package-manager/redhat