CVE-2021-23017 vulnerability in NGINX and Other Products
Published on June 1, 2021

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

Vendor Advisory Vendor Advisory NVD

Weakness Type

What is an off-by-five Vulnerability?

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

CVE-2021-23017 has been classified to as an off-by-five vulnerability or weakness.

Products Associated with CVE-2021-23017

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-23017 are published in these products:

nginx

Openresty

Fedora Project Fedora

F5 Networks Nginx

NetApp Ontap Select Deploy Administration Utility

Oracle Communications Control Plane Monitor

Oracle Communications Fraud Monitor

Oracle Communications Operations Monitor

Oracle Enterprise Telephony Fraud Monitor

Oracle Communications Session Border Controller

Oracle Enterprise Communications Broker

Oracle Enterprise Session Border Controller

Oracle Goldengate

Oracle Blockchain Platform

Exploit Probability

EPSS

73.17%

Percentile

98.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-23017 vulnerability in NGINX and Other ProductsPublished on June 1, 2021

Weakness Type

What is an off-by-five Vulnerability?

Products Associated with CVE-2021-23017

Exploit Probability

CVE-2021-23017 vulnerability in NGINX and Other Products
Published on June 1, 2021