1-byte memory overwrite might occur during DNS server response
processing if the “resolver” directive was used, allowing an
attacker who is able to forge UDP packets from the DNS server
to cause worker process crash or, potentially, arbitrary code
execution.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchnginx< 1.20.1,2UNKNOWN
FreeBSDanynoarchnginx-devel< 1.21.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	nginx	< 1.20.1,2	UNKNOWN
FreeBSD	any	noarch	nginx-devel	< 1.21.0	UNKNOWN

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017

fedora 2

nessus 42

altlinux 1

ibm 7

osv 13

openvas 18

gentoo 1

cloudlinux 2

redos 32

ubuntucve 1

rocky 3

zdt 2

packetstorm 2

redhat 10

broadcom 2

cvelist 1

almalinux 3

veracode 1

githubexploit 4

nginx 1

ubuntu 2

debian 2

archlinux 2

oraclelinux 3

alpinelinux 1

amazon 1

debiancve 1

nvd 1

exploitdb 1

suse 2

hackerone 1

prion 1

cbl_mariner 1

mageia 1

f5 2

redhatcve 1

cve 1

photon 8

thn 1

malwarebytes 1

oracle 4

fedora

[SECURITY] Fedora 34 Update: nginx-1.20.1-2.fc34

2021-06-11 01:15:42

[SECURITY] Fedora 33 Update: nginx-1.20.1-2.fc33

2021-06-11 01:19:56

nessus

openSUSE 15 Security Update : nginx (openSUSE-SU-2021:1815-1)

2021-07-16 00:00:00

nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE

2021-06-03 00:00:00

SUSE SLES15 Security Update : nginx (SUSE-SU-2021:1815-1)

2021-06-01 00:00:00

altlinux

Security fix for the ALT Linux 9 package nginx version 1.20.1-alt1

2021-06-23 00:00:00

ibm

Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017)

2021-08-25 13:37:28

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

2021-10-01 06:18:54

Security Bulletin: nginx is vulnerable to CVE-2021-23017 used in IBM Maximo Application Suite - Edge Data Collector Component

2024-03-01 16:12:25

osv

nginx - security update

2021-05-30 00:00:00

nginx vulnerability

2021-05-26 13:50:49

Important: nginx:1.20 security update

2022-01-31 09:52:06

openvas

Fedora: Security Advisory for nginx (FEDORA-2021-393d698493)

2021-06-17 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:1814-1)

2021-06-09 00:00:00

openSUSE: Security Advisory for nginx (openSUSE-SU-2021:0835-1)

2021-06-04 00:00:00

gentoo

nginx: Remote code execution

2021-05-26 00:00:00

cloudlinux

Fix of CVE: CVE-2021-23017

2021-09-21 22:02:21

Fix of CVE: CVE-2021-23017

2021-09-21 22:02:42

redos

ROS-2-1303

2021-09-08 00:00:00

ROS-2-1251

2021-12-24 00:00:00

ROS-2-1005

2021-09-08 00:00:00

ubuntucve

CVE-2021-23017

2021-05-25 00:00:00

rocky

nginx:1.18 security update

2021-06-07 10:02:53

nginx:1.16 security update

2021-06-08 09:47:28

nginx:1.20 security update

2022-01-31 09:52:06

zdt

nginx 1.20.0 DNS Resolver Off-By-One Heap Write Exploit

2021-05-27 00:00:00

Nginx 1.20.0 - Denial of Service Exploit

2022-07-11 00:00:00

packetstorm

nginx 1.20.0 DNS Resolver Off-By-One Heap Write

2021-05-26 00:00:00

Nginx 1.20.0 Denial Of Service

2022-07-11 00:00:00

redhat

(RHSA-2021:2278) Important: rh-nginx116-nginx security update

2021-06-07 17:17:53

(RHSA-2022:0323) Important: nginx:1.20 security update

2022-01-31 09:52:06

(RHSA-2021:2259) Important: nginx:1.18 security update

2021-06-07 10:02:53

broadcom

CVE-2021-23017: NGINX Resolver Vulnerability

2022-11-08 00:00:00

CVE-2021-23017: NGINX Resolver Vulnerability

2022-11-08 00:00:00

cvelist

CVE-2021-23017

2021-06-01 12:28:09

almalinux

Important: nginx:1.18 security update

2021-06-07 10:02:53

Important: nginx:1.16 security update

2021-06-08 09:47:28

Important: nginx:1.20 security update

2022-01-31 09:52:06

veracode

Remote Code Execution

2021-05-28 13:25:37

githubexploit

Exploit for Off-by-one Error in F5 Nginx

2023-10-21 04:24:02

Exploit for Off-by-one Error in F5 Nginx

2023-07-20 05:39:01

Exploit for Off-by-one Error in F5 Nginx

2022-06-30 04:39:58

nginx

1-byte memory overwrite in resolver

2021-06-01 13:15:07

ubuntu

nginx vulnerability

2021-05-27 00:00:00

nginx vulnerability

2021-05-26 00:00:00

debian

[SECURITY] [DSA 4921-1] nginx security update

2021-05-28 12:05:07

[SECURITY] [DLA 2670-1] nginx security update

2021-05-30 12:56:20

archlinux

[ASA-202106-36] nginx: arbitrary code execution

2021-06-15 00:00:00

[ASA-202106-48] nginx-mainline: arbitrary code execution

2021-06-22 00:00:00

oraclelinux

nginx:1.20 security update

2022-02-01 00:00:00

nginx:1.18 security update

2021-06-08 00:00:00

nginx:1.16 security update

2021-06-10 00:00:00

alpinelinux

CVE-2021-23017

2021-06-01 13:15:07

amazon

Important: nginx

2021-06-01 17:58:00

debiancve

CVE-2021-23017

2021-06-01 13:15:07

nvd

CVE-2021-23017

2021-06-01 13:15:07

exploitdb

Nginx 1.20.0 - Denial of Service (DOS)

2022-07-11 00:00:00

suse

Security update for nginx (important)

2021-06-04 00:00:00

Security update for nginx (important)

2021-07-11 00:00:00

hackerone

Internet Bug Bounty: 1-byte heap buffer overflow in DNS resolver

2021-05-27 10:32:41

prion

Memory corruption

2021-06-01 13:15:00

cbl_mariner

CVE-2021-23017 affecting package nginx 1.16.1-4

2021-06-14 15:32:58

mageia

Updated nginx package fixes a security vulnerability

2021-06-29 20:31:40

K12331123 : NGINX Plus and Open Source vulnerability CVE-2021-23017

2021-05-25 00:00:00

K52559937 : Overview of NGINX vulnerabilities (May 2021)

2021-05-25 00:00:00

redhatcve

CVE-2021-23017

2021-05-26 08:17:46

cve

CVE-2021-23017

2021-06-01 13:15:07

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0394

2021-05-27 00:00:00

Important Photon OS Security Update - PHSA-2021-0394

2021-05-27 00:00:00

Important Photon OS Security Update - PHSA-2021-0032

2021-05-26 00:00:00

thn

Juniper Releases Patches for Critical Flaws in Junos OS and Contrail Networking

2022-07-18 05:02:00

malwarebytes

Oracle releases massive Critical Patch Update containing 520 security patches

2022-04-20 14:53:54

oracle

Oracle Critical Patch Update Advisory - January 2022

2022-01-18 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

EPSS

0.316

Percentile

97.1%

JSON

Related for 0882F019-BD60-11EB-9BDD-8C164567CA3C