Lucene search

GoogleOSV:USN-5034-1

HistoryAug 10, 2021 - 11:53 a.m.

c-ares vulnerability

2021-08-1011:53:27

Google

osv.dev

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
validated certain hostnames returned by DNS servers. A remote attacker
could possibly use this issue to perform Domain Hijacking attacks.

References

ubuntu.com/security/CVE-2021-3672

ubuntu.com/security/notices/USN-5034-1

nessus

EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2021-2704)

2021-11-11 00:00:00

EulerOS Virtualization 3.0.2.6 : c-ares (EulerOS-SA-2021-2882)

2022-01-06 00:00:00

EulerOS Virtualization 3.0.6.0 : c-ares (EulerOS-SA-2022-1057)

2022-02-12 00:00:00

openvas

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-2623)

2021-11-03 00:00:00

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-2574)

2021-10-26 00:00:00

Debian: Security Advisory (DSA-4954-1)

2021-08-12 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0282

2021-08-12 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0423

2021-08-12 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0378

2021-08-13 00:00:00

ubuntu

c-ares vulnerability

2021-08-10 00:00:00

c-ares vulnerability

2021-08-10 00:00:00

rocky

c-ares security update

2022-05-10 08:14:29

nodejs:12 security and bug fix update

2021-09-21 12:33:58

nodejs:14 security and bug fix update

2021-09-27 06:47:35

suse

Security update for c-ares (important)

2021-08-19 00:00:00

Security update for c-ares (important)

2021-08-17 00:00:00

Security update for nodejs10 (moderate)

2021-09-07 00:00:00

cbl_mariner

CVE-2021-3672 affecting package pgbouncer 1.16.1-1

2024-07-05 21:08:40

CVE-2021-3672 affecting package c-ares 1.17.1-1

2021-12-17 20:09:32

CVE-2021-3672 affecting package pgbouncer 1.16.1-1

2024-07-05 21:08:35

debian

[SECURITY] [DLA 2738-1] c-ares security update

2021-08-10 07:18:07

[SECURITY] [DSA 4954-1] c-ares security update

2021-08-10 07:10:36

[SECURITY] [DSA 4954-1] c-ares security update

2021-08-10 07:10:36

fedora

[SECURITY] Fedora 35 Update: python-pycares-4.0.0-5.fc35

2021-09-24 20:40:39

[SECURITY] Fedora 34 Update: c-ares-1.17.2-1.fc34

2021-08-18 01:13:01

[SECURITY] Fedora 34 Update: mingw-c-ares-1.17.2-1.fc34

2021-08-19 01:08:18

oraclelinux

c-ares security update

2022-05-17 00:00:00

nodejs:14 security and bug fix update

2021-09-27 00:00:00

nodejs:12 security and bug fix update

2021-09-22 00:00:00

osv

BIT-pgbouncer-2021-3672

2024-03-06 11:01:14

CVE-2021-3672

2021-11-23 19:15:07

c-ares - security update

2021-08-10 00:00:00

nvd

CVE-2021-3672

2021-11-23 19:15:07

debiancve

CVE-2021-3672

2021-11-23 19:15:07

cvelist

CVE-2021-3672

2021-11-23 00:00:00

alpinelinux

CVE-2021-3672

2021-11-23 19:15:07

altlinux

Security fix for the ALT Linux 9 package c-ares version 1.17.2-alt1

2021-08-19 00:00:00

Security fix for the ALT Linux 10 package node version 14.17.5-alt1

2021-08-17 00:00:00

amazon

Medium: c-ares

2021-10-29 16:37:00

Medium: c-ares

2024-01-03 21:04:00

cve

CVE-2021-3672

2021-11-23 19:15:07

veracode

Domain Hijacking

2021-08-11 07:40:41

gitlab

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2021-11-23 00:00:00

github

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares

2022-07-05 22:08:20

redhat

(RHSA-2022:2043) Moderate: c-ares security update

2022-05-10 08:14:29

(RHSA-2021:3666) Important: nodejs:14 security and bug fix update

2021-09-27 06:47:35

(RHSA-2021:3623) Important: nodejs:12 security and bug fix update

2021-09-21 12:33:58

redhatcve

CVE-2021-3672

2021-08-10 18:58:50

prion

Input validation

2021-11-23 19:15:00

almalinux

Moderate: c-ares security update

2022-05-10 08:14:29

Important: nodejs:14 security and bug fix update

2021-09-27 06:47:35

Important: nodejs:12 security and bug fix update

2021-09-21 12:33:58

ubuntucve

CVE-2021-3672

2021-08-10 00:00:00

CVE-2021-22931

2021-08-16 00:00:00

freebsd

py39-pycares -- domain hijacking vulnerability

2021-06-11 00:00:00

mageia

Updated c-ares packages fix security vulnerability

2021-10-02 21:57:04

Updated nodejs packages fix security vulnerability

2021-10-06 22:41:56

archlinux

[ASA-202108-13] c-ares: insufficient validation

2021-08-10 00:00:00

K53225395 : Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931

2021-10-15 00:00:00

rosalinux

Advisory ROSA-SA-2023-2246

2023-10-17 12:06:48

gentoo

c-ares: Multiple Vulnerabilities

2024-01-05 00:00:00

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

ibm

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

2022-04-20 14:01:14

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2022-05-31 14:57:28

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

2023-03-08 18:05:21

ics

Siemens SINEC INS

2022-03-10 12:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON