SnykCVELIST:CVE-2021-23386CVE-2021-23386 Remote Memory Exposure
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
7.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.7%
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
CNA Affected
[
{
"product": "dns-packet",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
7.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.7%