VDB

CVE-2021-43523

CVE-2021-43523 PUBLISHED CVSS 6.800000190734863 MEDIUM

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.

EPSS 2.89% · 86.6th percentile

Risk Scores

CVSS 2.0
6.800000190734863
EPSS Score
2.89%
86.6th percentile

Affected Products

VendorProductVersions
uclibcuclibc0
n/an/an/a
uclibc-ng_projectuclibc-ng0

Timeline

  • Nov 10, 2021 CVE Published
  • Nov 11, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Mar 2, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 27, 2022 EPSS Score
  • Aug 17, 2022 EPSS Score
  • Oct 11, 2022 EPSS Score
  • Dec 6, 2022 EPSS Score
  • Jan 30, 2023 EPSS Score
  • Mar 27, 2023 EPSS Score
  • May 21, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›