{"id":"CVE-2021-23017","details":"A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.","aliases":["BIT-nginx-2021-23017","BIT-nginx-gateway-2021-23017"],"modified":"2026-04-11T12:36:08.611944Z","published":"2021-06-01T13:15:07.853Z","related":["ALSA-2021:2259","ALSA-2021:2290","ALSA-2022:0323","MGASA-2021-0301","SUSE-SU-2021:1792-1","SUSE-SU-2021:1814-1","SUSE-SU-2021:1815-1","SUSE-SU-2021:1839-1","openSUSE-SU-2021:0835-1","openSUSE-SU-2021:1815-1","openSUSE-SU-2024:11092-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*","extracted_events":[{"fixed":"21.1.2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_control_plane_monitor:3.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"3.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_control_plane_monitor:4.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_control_plane_monitor:4.3:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_control_plane_monitor:4.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_fraud_monitor:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.4"},{"last_affected":"4.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"3.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"3.3.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:3.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"3.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.3:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"4.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*","extracted_events":[{"fixed":"21.4.0.0.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"33"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"34"}],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"},{"type":"WEB","url":"https://support.f5.com/csp/article/K12331123%2C"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210708-0006/"},{"type":"FIX","url":"http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nginx/nginx","events":[{"introduced":"cb1cdc7426ba5470197f1a1ca5e8fe485223e558"},{"fixed":"98a892514206ee63d418d9f355c92b6d4ce6113a"}],"database_specific":{"cpe":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0.6.18"},{"fixed":"1.20.1"}],"source":"CPE_FIELD"}}],"versions":["release-0.6.18","release-0.6.19","release-0.6.20","release-0.6.21","release-0.6.22","release-0.6.23","release-0.6.24","release-0.6.25","release-0.6.26","release-0.6.27","release-0.6.28","release-0.6.29","release-0.6.30","release-0.6.31","release-0.7.0","release-0.7.1","release-0.7.10","release-0.7.11","release-0.7.12","release-0.7.13","release-0.7.14","release-0.7.15","release-0.7.16","release-0.7.17","release-0.7.18","release-0.7.19","release-0.7.2","release-0.7.20","release-0.7.21","release-0.7.22","release-0.7.23","release-0.7.24","release-0.7.25","release-0.7.26","release-0.7.27","release-0.7.28","release-0.7.29","release-0.7.3","release-0.7.30","release-0.7.31","release-0.7.32","release-0.7.33","release-0.7.34","release-0.7.35","release-0.7.36","release-0.7.37","release-0.7.38","release-0.7.39","release-0.7.4","release-0.7.40","release-0.7.41","release-0.7.42","release-0.7.43","release-0.7.44","release-0.7.45","release-0.7.46","release-0.7.47","release-0.7.48","release-0.7.49","release-0.7.5","release-0.7.50","release-0.7.51","release-0.7.52","release-0.7.53","release-0.7.54","release-0.7.55","release-0.7.56","release-0.7.57","release-0.7.58","release-0.7.59","release-0.7.6","release-0.7.7","release-0.7.8","release-0.7.9","release-0.8.0","release-0.8.1","release-0.8.10","release-0.8.11","release-0.8.12","release-0.8.13","release-0.8.14","release-0.8.15","release-0.8.16","release-0.8.17","release-0.8.18","release-0.8.19","release-0.8.2","release-0.8.20","release-0.8.21","release-0.8.22","release-0.8.23","release-0.8.24","release-0.8.25","release-0.8.26","release-0.8.27","release-0.8.28","release-0.8.29","release-0.8.3","release-0.8.30","release-0.8.31","release-0.8.32","release-0.8.33","release-0.8.34","release-0.8.35","release-0.8.36","release-0.8.37","release-0.8.38","release-0.8.39","release-0.8.4","release-0.8.40","release-0.8.41","release-0.8.42","release-0.8.43","release-0.8.44","release-0.8.45","release-0.8.46","release-0.8.47","release-0.8.48","release-0.8.49","release-0.8.5","release-0.8.50","release-0.8.51","release-0.8.52","release-0.8.53","release-0.8.6","release-0.8.7","release-0.8.8","release-0.8.9","release-0.9.0","release-0.9.1","release-0.9.2","release-0.9.3","release-0.9.4","release-0.9.5","release-0.9.6","release-0.9.7","release-1.0.0","release-1.0.1","release-1.0.2","release-1.0.3","release-1.0.4","release-1.0.5","release-1.1.0","release-1.1.1","release-1.1.10","release-1.1.11","release-1.1.12","release-1.1.13","release-1.1.14","release-1.1.15","release-1.1.16","release-1.1.17","release-1.1.18","release-1.1.19","release-1.1.2","release-1.1.3","release-1.1.4","release-1.1.5","release-1.1.6","release-1.1.7","release-1.1.8","release-1.1.9","release-1.11.0","release-1.11.1","release-1.11.10","release-1.11.11","release-1.11.12","release-1.11.13","release-1.11.2","release-1.11.3","release-1.11.4","release-1.11.5","release-1.11.6","release-1.11.7","release-1.11.8","release-1.11.9","release-1.13.0","release-1.13.1","release-1.13.10","release-1.13.11","release-1.13.12","release-1.13.2","release-1.13.3","release-1.13.4","release-1.13.5","release-1.13.6","release-1.13.7","release-1.13.8","release-1.13.9","release-1.15.0","release-1.15.1","release-1.15.10","release-1.15.11","release-1.15.12","release-1.15.2","release-1.15.3","release-1.15.4","release-1.15.5","release-1.15.6","release-1.15.7","release-1.15.8","release-1.15.9","release-1.17.0","release-1.17.1","release-1.17.10","release-1.17.2","release-1.17.3","release-1.17.4","release-1.17.5","release-1.17.6","release-1.17.7","release-1.17.8","release-1.17.9","release-1.19.0","release-1.19.1","release-1.19.10","release-1.19.2","release-1.19.3","release-1.19.4","release-1.19.5","release-1.19.6","release-1.19.7","release-1.19.8","release-1.19.9","release-1.2.0","release-1.20.0","release-1.3.0","release-1.3.1","release-1.3.10","release-1.3.11","release-1.3.12","release-1.3.13","release-1.3.14","release-1.3.15","release-1.3.16","release-1.3.2","release-1.3.3","release-1.3.4","release-1.3.5","release-1.3.6","release-1.3.7","release-1.3.8","release-1.3.9","release-1.4.0","release-1.5.0","release-1.5.1","release-1.5.10","release-1.5.11","release-1.5.12","release-1.5.13","release-1.5.2","release-1.5.3","release-1.5.4","release-1.5.5","release-1.5.6","release-1.5.7","release-1.5.8","release-1.5.9","release-1.7.0","release-1.7.1","release-1.7.10","release-1.7.11","release-1.7.12","release-1.7.2","release-1.7.3","release-1.7.4","release-1.7.5","release-1.7.6","release-1.7.7","release-1.7.8","release-1.7.9","release-1.9.0","release-1.9.1","release-1.9.10","release-1.9.11","release-1.9.12","release-1.9.13","release-1.9.14","release-1.9.15","release-1.9.2","release-1.9.3","release-1.9.4","release-1.9.5","release-1.9.6","release-1.9.7","release-1.9.8","release-1.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23017.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/openresty/openresty","events":[{"introduced":"0"},{"fixed":"a1017ea9856315486e24f8712d7b20dfd5312ceb"}],"database_specific":{"cpe":"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.19.3.2"}],"source":"CPE_FIELD"}}],"versions":["v0.8.54.3","v0.8.54.6","v1.0.10.1","v1.0.10.11","v1.0.10.13","v1.0.10.15","v1.0.10.17","v1.0.10.19","v1.0.10.21","v1.0.10.23","v1.0.10.24","v1.0.10.25","v1.0.10.27","v1.0.10.29","v1.0.10.3","v1.0.10.31","v1.0.10.33","v1.0.10.35","v1.0.10.41","v1.0.10.43","v1.0.10.44","v1.0.10.45","v1.0.10.47","v1.0.10.48","v1.0.10.5","v1.0.10.7","v1.0.10.9","v1.0.11.11","v1.0.11.15","v1.0.11.17","v1.0.11.19","v1.0.11.21","v1.0.11.23","v1.0.11.25","v1.0.11.27","v1.0.11.28","v1.0.11.3","v1.0.11.7","v1.0.11.9","v1.0.15.1","v1.0.15.10","v1.0.15.11","v1.0.15.3","v1.0.15.5","v1.0.15.7","v1.0.15.9","v1.0.4.1","v1.0.4.2","v1.0.5.0","v1.0.5.1","v1.0.6.22","v1.0.6.3","v1.0.6.5","v1.0.8.1","v1.0.8.11","v1.0.8.13","v1.0.8.15","v1.0.8.17","v1.0.8.19","v1.0.8.21","v1.0.8.26","v1.0.8.3","v1.0.8.5","v1.0.8.7","v1.0.8.9","v1.0.9.1","v1.0.9.10","v1.0.9.3","v1.0.9.5","v1.0.9.7","v1.0.9.9","v1.11.2.1","v1.11.2.2","v1.11.2.3","v1.11.2.5","v1.13.6.1","v1.13.6.2","v1.15.8.1","v1.15.8.1rc1","v1.15.8.1rc2","v1.17.8.1","v1.17.8.1rc1","v1.17.8.2","v1.19.3.1","v1.19.3.1rc0","v1.19.3.1rc1","v1.2.1.1","v1.2.1.11","v1.2.1.13","v1.2.1.14","v1.2.1.3","v1.2.1.5","v1.2.1.7","v1.2.1.9","v1.2.3.1","v1.2.3.3","v1.2.3.5","v1.2.3.7","v1.2.3.8","v1.2.4.1","v1.2.4.11","v1.2.4.13","v1.2.4.14","v1.2.4.3","v1.2.4.5","v1.2.4.7","v1.2.4.9","v1.2.6.1","v1.2.6.3","v1.2.6.5","v1.2.6.6","v1.2.7.1","v1.2.7.3","v1.2.7.5","v1.2.7.6","v1.2.8.1","v1.2.8.5","v1.2.8.6","v1.4.1.1","v1.4.1.3","v1.4.2.1","v1.4.2.3","v1.4.2.5","v1.4.2.7","v1.4.2.8","v1.4.2.9","v1.4.3.1","v1.4.3.3","v1.4.3.4","v1.4.3.6","v1.4.3.7","v1.4.3.9","v1.5.11.1","v1.5.12.1","v1.5.8.1","v1.7.0.1","v1.7.10.1","v1.7.10.2","v1.7.2.1","v1.7.7.1","v1.7.7.2","v1.9.15.1","v1.9.3.1","v1.9.3.1rc1","v1.9.3.2","v1.9.7.1","v1.9.7.2","v1.9.7.3","v1.9.7.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23017.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}]}