CVE-2021-3672

Sažetak

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1988342
https://c-ares.haxx.se/adv_20210810.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://security.gentoo.org/glsa/202401-02
https://www.oracle.com/security-alerts/cpujul2022.html

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

05-01-2024 - 10:15

Objavljeno

23-11-2021 - 19:15