VDB
CVE-2021-43523
CVE-2021-43523
PUBLISHED
CVSS 6.800000190734863 MEDIUM
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.
EPSS 2.89% · 86.6th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
2.89%
86.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| uclibc | uclibc | 0 |
| n/a | n/a | n/a |
| uclibc-ng_project | uclibc-ng | 0 |
Timeline
- Nov 10, 2021 CVE Published
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Mar 2, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 27, 2022 EPSS Score
- Aug 17, 2022 EPSS Score
- Oct 11, 2022 EPSS Score
- Dec 6, 2022 EPSS Score
- Jan 30, 2023 EPSS Score
- Mar 27, 2023 EPSS Score
- May 21, 2023 EPSS Score
References
- https://uclibc-ng.org/ advisory
- https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174 url
- https://www.openwall.com/lists/oss-security/2021/11/09/1 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-43523 advisory
- https://uclibc-ng.org url
- https://assets.belden.com/m/3fe735d8a5caf7bc/original/Belden_Security_Bulletin_BSECV-2021-15.pdf advisory
- https://assets.belden.com/m/7a85f7945bf0ac34/original/Belden_Security_Bulletin_BSECV-2022-16.pdf advisory
- https://assets.belden.com/m/63dc7ed0b78fc7ba/original/Belden_Security_Bulletin_BSECV-2021-27.pdf advisory