Vulnerability CVE-2021-23017

Vulnerability Name:

CVE-2021-23017 (CCN-202450)

Assigned:

2021-05-25

Published:

2021-05-25

Updated:

2022-09-14

Summary:

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVSS v3 Severity:

7.7 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)
6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): Low

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-193

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-23017

Source: MISC
Type: Mailing List, Patch, Vendor Advisory
http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

Source: CCN
Type: NGINX Web site
NGINX

Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html

Source: XF
Type: UNKNOWN
nginx-cve202123017-code-exec(202450)

Source: MLIST
Type: Mailing List, Third Party Advisory
[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added "Apache APISIX not affected by NGINX CVE-2021-23017"

Source: MLIST
Type: Mailing List, Third Party Advisory
[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added "Apache APISIX not affected by NGINX CVE-2021-23017"

Source: MLIST
Type: Mailing List, Third Party Advisory
[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog

Source: MLIST
Type: Mailing List, Third Party Advisory
[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added "Apache APISIX not affected by NGINX CVE-2021-23017" (#362)

Source: MLIST
Type: Mailing List, Third Party Advisory
[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added "Apache APISIX not affected by NGINX CVE-2021-23017"

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-393d698493

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-b37cffac0d

Source: CCN
Type: Packet Storm Security [05-26-2021]
nginx 1.20.0 DNS Resolver Off-By-One Heap Write

Source: CCN
Type: Packet Storm Security [07-11-2022]
Nginx 1.20.0 Denial Of Service

Source: CCN
Type: oss-sec Mailing List, Tue, 25 May 2021 18:26:23 +0200
X41 D-Sec GmbH Security Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210708-0006/

Source: CCN
Type: F5 Security Advisory K12331123
NGINX Plus and Open Source vulnerability CVE-2021-23017

Source: MISC
Type: Broken Link
https://support.f5.com/csp/article/K12331123,

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-11-2022]

Source: CCN
Type: IBM Security Bulletin 6473495 (Cloud Pak for Automation)
Multiple vulnerabilities in F5 NGINX Controller affect IBM Cloud Pak for Automation

Source: CCN
Type: IBM Security Bulletin 6483657 (API Connect)
IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017)

Source: CCN
Type: IBM Security Bulletin 6492205 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Nginx

Source: CCN
Type: IBM Security Bulletin 6525030 (Spectrum Protect Plus)
Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6982841 (Netcool Operations Insight)
Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:f5:nginx:*:*:*:*:*:*:*:* (Version >= 0.6.18 and < 1.20.1)

Configuration 2:

cpe:/a:openresty:openresty:*:*:*:*:*:*:*:* (Version < 1.19.3.2)

Configuration 3:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Configuration 5:

cpe:/a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_telephony_fraud_monitor:4.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_telephony_fraud_monitor:4.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_telephony_fraud_monitor:4.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:enterprise_telephony_fraud_monitor:3.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_fraud_monitor:*:*:*:*:*:*:*:* (Version >= 3.4 and <= 4.4)

OR cpe:/a:oracle:communications_control_plane_monitor:4.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_control_plane_monitor:4.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_control_plane_monitor:4.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_control_plane_monitor:3.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:goldengate:*:*:*:*:*:*:*:* (Version < 21.4.0.0.0)

OR cpe:/a:oracle:blockchain_platform:*:*:*:*:*:*:*:* (Version < 21.1.2)

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:nginx:nginx:0.6.18:*:*:*:*:*:*:*

OR cpe:/a:nginx:nginx:1.20.0:*:*:*:*:*:*:*

OR cpe:/a:f5:nginx_ingress_controller:1.0.0:-:*:*:*:*:*:*

OR cpe:/a:f5:nginx_ingress_controller:1.11.1:*:*:*:*:*:*:*

OR cpe:/a:f5:nginx_ingress_controller:1.11.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:api_connect:5.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.8.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8030	P	libcmark0_30_2-0.30.2-150400.3.3.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7958	P	libqt5-qtsvg-private-headers-devel-5.15.8+kde8-150500.1.4 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:95257	P	Security update for openssl-1_1 (Important)	2022-07-06
oval:org.opensuse.security:def:3508	P	gpg2-2.0.24-9.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95138	P	nginx-1.21.5-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:6028	P	Security update for libvirt (Moderate)	2022-05-04
oval:org.opensuse.security:def:101970	P	Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP3) (Important)	2022-04-24
oval:org.opensuse.security:def:99463	P	(Important)	2022-03-30
oval:com.redhat.rhsa:def:20220323	P	RHSA-2022:0323: nginx:1.20 security update (Important)	2022-01-31
oval:org.opensuse.security:def:113031	P	nginx-1.21.3-1.4 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106474	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:97010	P	libapr-util1-dbd-mysql-1.6.1-4.3.8 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97019	P	libspice-server-devel-0.14.1-2.21 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97003	P	dpdk-18.11-2.43 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97009	P	krb5-plugin-kdb-ldap-1.16.3-1.16 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:99662	P	(Important)	2021-07-20
oval:org.opensuse.security:def:111556	P	Security update for nginx (Important)	2021-07-10
oval:org.opensuse.security:def:99970	P	(Moderate)	2021-06-29
oval:com.redhat.rhsa:def:20212290	P	RHSA-2021:2290: nginx:1.16 security update (Important)	2021-06-08
oval:com.redhat.rhsa:def:20212259	P	RHSA-2021:2259: nginx:1.18 security update (Important)	2021-06-07
oval:org.opensuse.security:def:111420	P	Security update for nginx (Important)	2021-06-03
oval:org.opensuse.security:def:9713	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:99072	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:92712	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:69853	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:8961	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:92122	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:99264	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:92911	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:92314	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:10264	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:93064	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:70404	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:9514	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:98877	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:92513	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:69654	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:8766	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:93217	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:91927	P	Security update for nginx (Important)	2021-06-02
oval:org.opensuse.security:def:76185	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:109395	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:69119	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:102183	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:66798	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:118491	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:5709	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:96039	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:1607	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:67117	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:102729	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:75866	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:108636	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:69047	P	Security update for nginx (Important)	2021-05-31
oval:org.opensuse.security:def:10083	P	Security update for nginx (Important)	2021-05-27
oval:org.opensuse.security:def:70223	P	Security update for nginx (Important)	2021-05-27
oval:org.opensuse.security:def:9329	P	Security update for nginx (Important)	2021-05-27
oval:org.opensuse.security:def:69469	P	Security update for nginx (Important)	2021-05-27
oval:org.opensuse.security:def:8584	P	Security update for nginx (Important)	2021-05-27

BACK