FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

NGINX -- 1-byte memory overwrite in resolver

Affected packages
nginx < 1.20.1
nginx-devel < 1.21.0

Details

VuXML ID: 0882f019-bd60-11eb-9bdd-8c164567ca3c
Discovery: 2021-05-25
Entry: 2021-05-25

NGINX team reports:

1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution.
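The following triage sketch is an added example, not part of the VuXML entry or the NGINX report. It checks an upstream nginx version against the affected ranges listed above and checks whether a configuration uses the "resolver" directive that the report names as the precondition. The function names, verdict strings and sample configuration are constructed for illustration; on a real host the version would come from `nginx -v` and the effective configuration from `nginx -T`.

```shell
# Added example: thresholds are the "Affected packages" ranges on this page.
# version_lt A B: succeed if dotted numeric version A is lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# uses_resolver: read nginx configuration on stdin and succeed if a "resolver"
# directive is present. Comments are dropped and statements are split on "{",
# "}" and ";" so "resolver_timeout" and commented-out lines do not count.
# Simplification: a "#" inside a quoted string is treated as a comment start.
uses_resolver() {
    sed 's/#.*//' | tr '{};' '\n\n\n' |
        grep -Eq '^[[:space:]]*resolver([[:space:]]|$)'
}

# assess PKG VERSION < config: print one triage verdict (hypothetical labels).
assess() {
    case "$1" in
        nginx)       fixed=1.20.1 ;;
        nginx-devel) fixed=1.21.0 ;;
        *)           echo "unknown-package"; return 0 ;;
    esac
    if ! version_lt "$2" "$fixed"; then
        echo "fixed"
    elif uses_resolver; then
        echo "affected-resolver-in-use"
    else
        echo "affected-resolver-not-configured"
    fi
}

# Constructed sample configuration (not from the advisory).
sample_conf() {
    cat <<'EOF'
http {
    # resolver 192.0.2.1;
    resolver_timeout 5s;
    server { listen 80; resolver 192.0.2.53 valid=30s; }
}
EOF
}

sample_conf | assess nginx 1.20.0
```

A verdict of "affected-resolver-not-configured" means the package is still in the affected range and should be upgraded; only the condition stated in the report is not met by the current configuration.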

References

CVE Name: CVE-2021-23017
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017