ALPINE-CVE-2021-3672 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2021-3672 PUBLISHED CVSS 5.599999904632568 MEDIUM

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Risk Scores

CVSS v3.1

5.599999904632568

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Alpine:v3.23	c-ares	1.9.1-r0, 0, 1.10.0-r0
Alpine:v3.21	c-ares	1.9.1-r0, 1.9.0-r0, 1.8.0-r0
Alpine:v3.19	nodejs	12.18.3-r0, 8.9.4-r0, 8.9.3-r1
Alpine:v3.22	c-ares	0, 1.10.0-r0, 1.11.0-r0
Alpine:v3.15	nodejs	6.9.2-r0, 8.11.1-r1, 8.9.3-r1
Alpine:v3.21	nodejs	0, 0, 0
Alpine:v3.15	c-ares	1.6.0-r0, 1.17.1-r1, 1.17.1-r0
Alpine:v3.13	c-ares	1.13.0-r1, 1.11.0-r0, 0
Alpine:v3.14	nodejs	6.9.2-r0, 0, 10.13.0-r0
Alpine:v3.16	nodejs	12.15.0-r2, 12.15.0-r1, 12.15.0-r0
Alpine:v3.18	nodejs	8.11.1-r2, 8.11.2-r0, 8.11.3-r0
Alpine:v3.13	nodejs	0, 10.13.0-r0, 10.14.0-r0
Alpine:v3.14	c-ares	0, 1.9.1-r0, 1.9.0-r0
Alpine:v3.17	c-ares	1.7.5-r0, 0, 1.10.0-r0
Alpine:v3.12	c-ares	1.10.0-r1, 1.7.3-r0, 1.7.4-r0
Alpine:v3.18	c-ares	1.7.0-r1, 1.13.0-r1, 1.14.0-r0
Alpine:v3.19	c-ares	1.6.0-r1, 0, 1.10.0-r0
Alpine:v3.20	c-ares	1.7.0-r0, 1.6.0-r1, 1.6.0-r0
Alpine:v3.22	nodejs	0, 0, 0
Alpine:v3.17	nodejs	12.18.4-r0, 14.15.4-r0, 10.16.0-r0

…and 6 more

Timeline

Nov 23, 2021 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2021-3672 advisory

Open in Interactive Console →