CVE-2021-3672 vulnerability in C Aresproject and Other Products
Published on November 23, 2021
A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to the output of wrong hostnames, which might potentially lead to domain hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Weakness Type
What is an XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2021-3672 has been classified as an XSS vulnerability or weakness.
Vulnerable Packages
The following package name and versions may be associated with CVE-2021-3672:
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| pip | pycares | < 4.2.0 | 4.2.0 |
Exploit Probability
EPSS: 0.06%
Percentile: 17.04%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.