← back
CVE-2021-23017

CVE-2021-23017

EPSS 52.8%CWE-193
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Affected products
n/a · Nginx Web Server, Nginx Plus
public PoCs found11
githubgithub.com/M507/CVE-2021-23017-PoC135githubgithub.com/z3usx01/CVE-2021-23017-POC1githubgithub.com/lakshit1212/CVE-2021-23017-PoC1githubgithub.com/6lj/EVIL-CVE-2021-23017-Update-20251githubgithub.com/niandy/nginx-patch1githubgithub.com/moften/CVE-2021-230170githubgithub.com/ShivamDey/CVE-2021-230170githubgithub.com/lukwagoasuman/-home-lukewago-Downloads-CVE-2021-23017-Nginx-1.140githubgithub.com/Cybervixy/Vulnerability-Management0exploitdbwww.exploit-db.com/exploits/50973unverifiedcve_referencepacketstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.htmlhttp://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.htmlhttps://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3Ehttps://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3Ehttps://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3Ehttps://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3Ehttps://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/https://security.netapp.com/advisory/ntap-20210708-0006/https://support.f5.com/csp/article/K12331123%2Chttps://www.oracle.com/security-alerts/cpuapr2022.html