Lucene search

GoogleOSV:USN-5034-2

HistoryAug 10, 2021 - 5:15 p.m.

c-ares vulnerability

2021-08-1017:15:47

Google

osv.dev

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON

USN-5034-1 fixed a vulnerability in c-ares. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly
validated certain hostnames returned by DNS servers. A remote attacker
could possibly use this issue to perform Domain Hijacking attacks.

References

ubuntu.com/security/CVE-2021-3672

ubuntu.com/security/notices/USN-5034-2

cve

CVE-2021-3672

2021-11-23 19:15:07

nessus

Photon OS 2.0: C PHSA-2021-2.0-0378

2021-08-14 00:00:00

EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2021-2679)

2021-11-11 00:00:00

Debian DSA-4954-1 : c-ares - security update

2021-08-10 00:00:00

osv

c-ares - security update

2021-08-10 00:00:00

CVE-2021-3672

2021-11-23 19:15:07

BIT-node-2021-3672

2024-03-06 11:05:27

veracode

Domain Hijacking

2021-08-11 07:40:41

openvas

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-2704)

2021-11-12 00:00:00

Fedora: Security Advisory for c-ares (FEDORA-2021-52c89b44a9)

2021-09-05 00:00:00

Fedora: Security Advisory for python-pycares (FEDORA-2021-a48cf28c13)

2021-10-02 00:00:00

gitlab

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

2021-11-23 00:00:00

amazon

Medium: c-ares

2021-10-29 16:37:00

Medium: c-ares

2024-01-03 21:04:00

github

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares

2022-07-05 22:08:20

altlinux

Security fix for the ALT Linux 9 package c-ares version 1.17.2-alt1

2021-08-19 00:00:00

Security fix for the ALT Linux 10 package node version 14.17.5-alt1

2021-08-17 00:00:00

alpinelinux

CVE-2021-3672

2021-11-23 19:15:07

redhat

(RHSA-2022:2043) Moderate: c-ares security update

2022-05-10 08:14:29

(RHSA-2021:3623) Important: nodejs:12 security and bug fix update

2021-09-21 12:33:58

(RHSA-2021:3666) Important: nodejs:14 security and bug fix update

2021-09-27 06:47:35

ubuntu

c-ares vulnerability

2021-08-10 00:00:00

c-ares vulnerability

2021-08-10 00:00:00

suse

Security update for c-ares (important)

2021-08-17 00:00:00

Security update for c-ares (important)

2021-08-19 00:00:00

Security update for nodejs10 (moderate)

2021-09-03 00:00:00

fedora

[SECURITY] Fedora 34 Update: c-ares-1.17.2-1.fc34

2021-08-18 01:13:01

[SECURITY] Fedora 34 Update: mingw-c-ares-1.17.2-1.fc34

2021-08-19 01:08:18

[SECURITY] Fedora 35 Update: python-pycares-4.0.0-5.fc35

2021-09-24 20:40:39

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0423

2021-08-12 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0378

2021-08-13 00:00:00

Important Photon OS Security Update - PHSA-2021-0282

2021-08-12 00:00:00

ubuntucve

CVE-2021-3672

2021-08-10 00:00:00

CVE-2021-22931

2021-08-16 00:00:00

redhatcve

CVE-2021-3672

2021-08-10 18:58:50

almalinux

Moderate: c-ares security update

2022-05-10 08:14:29

Important: nodejs:14 security and bug fix update

2021-09-27 06:47:35

Important: nodejs:12 security and bug fix update

2021-09-21 12:33:58

prion

Input validation

2021-11-23 19:15:00

debian

[SECURITY] [DLA 2738-1] c-ares security update

2021-08-10 07:18:07

[SECURITY] [DSA 4954-1] c-ares security update

2021-08-10 07:10:36

[SECURITY] [DSA 4954-1] c-ares security update

2021-08-10 07:10:36

oraclelinux

c-ares security update

2022-05-17 00:00:00

nodejs:14 security and bug fix update

2021-09-27 00:00:00

nodejs:12 security and bug fix update

2021-09-22 00:00:00

nvd

CVE-2021-3672

2021-11-23 19:15:07

cvelist

CVE-2021-3672

2021-11-23 00:00:00

debiancve

CVE-2021-3672

2021-11-23 19:15:07

rocky

c-ares security update

2022-05-10 08:14:29

nodejs:14 security and bug fix update

2021-09-27 06:47:35

nodejs:12 security and bug fix update

2021-09-21 12:33:58

cbl_mariner

CVE-2021-3672 affecting package pgbouncer 1.16.1-1

2024-07-05 21:08:40

CVE-2021-3672 affecting package c-ares 1.17.1-1

2021-12-17 20:09:32

CVE-2021-3672 affecting package pgbouncer 1.16.1-1

2024-07-05 21:08:35

freebsd

py39-pycares -- domain hijacking vulnerability

2021-06-11 00:00:00

archlinux

[ASA-202108-13] c-ares: insufficient validation

2021-08-10 00:00:00

mageia

Updated c-ares packages fix security vulnerability

2021-10-02 21:57:04

Updated nodejs packages fix security vulnerability

2021-10-06 22:41:56

K53225395 : Node.js vulnerabilities CVE-2021-3672 and CVE-2021-22931

2021-10-15 00:00:00

rosalinux

Advisory ROSA-SA-2023-2246

2023-10-17 12:06:48

gentoo

c-ares: Multiple Vulnerabilities

2024-01-05 00:00:00

Node.js: Multiple Vulnerabilities

2024-05-08 00:00:00

ibm

Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities

2022-04-20 14:01:14

Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2022-05-31 14:57:28

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

2023-03-08 18:05:21

ics

Siemens SINEC INS

2022-03-10 12:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON