{"containers":{"cna":{"affected":[{"product":"Nginx Web Server, Nginx Plus","vendor":"n/a","versions":[{"status":"affected","version":"Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1"}]}],"descriptions":[{"lang":"en","value":"A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-193","description":"CWE-193","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-07-11T15:06:16.000Z","orgId":"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab","shortName":"f5"},"references":[{"tags":["x_refsource_MISC"],"url":"https://support.f5.com/csp/article/K12331123%2C"},{"tags":["x_refsource_MISC"],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"},{"name":"[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E"},{"name":"FEDORA-2021-b37cffac0d","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"},{"name":"FEDORA-2021-393d698493","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20210708-0006/"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_MISC"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"f5sirt@f5.com","ID":"CVE-2021-23017","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Nginx Web Server, Nginx Plus","version":{"version_data":[{"version_value":"Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-193"}]}]},"references":{"reference_data":[{"name":"https://support.f5.com/csp/article/K12331123,","refsource":"MISC","url":"https://support.f5.com/csp/article/K12331123,"},{"name":"http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html","refsource":"MISC","url":"http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"},{"name":"[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","refsource":"MLIST","url":"https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)","refsource":"MLIST","url":"https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E"},{"name":"FEDORA-2021-b37cffac0d","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"},{"name":"FEDORA-2021-393d698493","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"},{"name":"https://www.oracle.com/security-alerts/cpuoct2021.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"name":"https://security.netapp.com/advisory/ntap-20210708-0006/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20210708-0006/"},{"name":"https://www.oracle.com/security-alerts/cpujan2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"name":"https://www.oracle.com/security-alerts/cpuapr2022.html","refsource":"MISC","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"name":"http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T18:58:26.413Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://support.f5.com/csp/article/K12331123%2C"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"},{"name":"[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E"},{"name":"[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E"},{"name":"FEDORA-2021-b37cffac0d","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"},{"name":"FEDORA-2021-393d698493","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20210708-0006/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"}]}]},"cveMetadata":{"assignerOrgId":"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab","assignerShortName":"f5","cveId":"CVE-2021-23017","datePublished":"2021-06-01T12:28:09.000Z","dateReserved":"2021-01-06T00:00:00.000Z","dateUpdated":"2024-08-03T18:58:26.413Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}