← Zuruck zu CVEs
CVE-2021-23386
HIGH7.7
Beschreibung
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
CVE Details
CVSS v3.1 Bewertung7.7
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht5/20/2021
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
dns-packet_project:dns-packet
Schwachen (CWE)
CWE-909
Referenzen
https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56(report@snyk.io)
https://hackerone.com/bugs?subject=user&%3Breport_id=968858(report@snyk.io)
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1295719(report@snyk.io)
https://snyk.io/vuln/SNYK-JS-DNSPACKET-1293563(report@snyk.io)
https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/bugs?subject=user&%3Breport_id=968858(af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1295719(af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-JS-DNSPACKET-1293563(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.