Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2021-23017

Published: August 31, 2023Last modified: August 31, 2023

Description

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

Severity score breakdown

ParameterValue
Base score7.7
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactLOW
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSnginxNot affected (1.22.1-r0)
StreamnginxNot affected (1.24.0-r11)

References

ON THIS PAGE