VDB
ALPINE-CVE-2021-23017
ALPINE-CVE-2021-23017
PUBLISHED
CVSS 7.699999809265137 HIGH
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Risk Scores
CVSS 3.1
7.699999809265137
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.23 | nginx | 0.8.53-r0, 1.0.11-r1, 1.0.14-r0 |
| Alpine:v3.13 | nginx | 1.16.1-r5, 0.8.53-r0, 0.8.54-r1 |
| Alpine:v3.20 | nginx | 0, 0, 1.9.14-r1 |
| Alpine:v3.16 | nginx | 1.18.0-r7, 0, 0.8.53-r0 |
| Alpine:v3.10 | nginx | 1.0.11-r1, 0, 0 |
| Alpine:v3.17 | nginx | 1.4.7-r0, 1.4.1-r0, 1.4.2-r0 |
| Alpine:v3.19 | nginx | 1.6.2-r3, 0.8.53-r0, 0 |
| Alpine:v3.12 | nginx | 1.16.1-r2, 1.16.1-r0, 1.16.0-r2 |
| Alpine:v3.24 | nginx | 0 |
| Alpine:v3.11 | nginx | 1.2.3-r0, 1.8.1-r0, 1.8.1-r1 |
| Alpine:v3.15 | nginx | 1.8.0-r1, 1.9.14-r0, 1.9.11-r0 |
| Alpine:v3.18 | nginx | 1.6.0-r3, 1.6.2-r0, 1.6.2-r1 |
| Alpine:v3.14 | nginx | 0.8.54-r0, 0.8.54-r1, 1.0.11-r0 |
| Alpine:v3.22 | nginx | 1.0.11-r1, 1.0.11-r0, 0.8.54-r1 |
| Alpine:v3.21 | nginx | 1.9.14-r1, 1.9.14-r0, 1.9.11-r0 |
Exploit Intelligence
- lakshit1212/CVE-2021-23017-PoC (github-poc-repo)
- ShivamDey/CVE-2021-23017 (github-poc-repo)
- PoC for Nginx 0.6.18 - 1.20.0 Memory Overwrite Vulnerability CVE-2021-23017 (github-poc-repo)
- The issue only affects nginx if the "resolver" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to forge UDP packets from the DNS server. (github-poc-repo)
- lukwagoasuman/-home-lukewago-Downloads-CVE-2021-23017-Nginx-1.14 (github-poc-repo)
- NGINX Security Hardening & Vulnerability Remediation Analysis of critical CVEs (CVE-2021-23017, HTTP/2 DoS flaws) in outdated NGINX versions, with actionable steps for mitigation: upgrades, HTTP/2 hardening, and patch automation. Includes Nessus scan validation and proactive monitoring strategies. (github-poc-repo)
- NGINX DNS Overflow Vulnerability Check - CVE-2021-23017 PoC (github-poc-repo)
- vulnerability in NGINX servers (versions 0.6.18–1.20.0). The scripts aim to cause a Denial of Service (DoS) by sending malicious DNS responses, with enhancements to bypass firewalls. (github-poc-repo)
- vulnerability in NGINX servers (versions 0.6.18–1.20.0). The scripts aim to cause a Denial of Service (DoS) by sending malicious DNS responses, with enhancements to bypass firewalls. (github-poc)
- NGINX DNS Overflow Vulnerability Check - CVE-2021-23017 PoC (github-poc)
…and 15 more exploits
Timeline
- Jun 1, 2021 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated