{
  "threat_severity" : "Important",
  "public_date" : "2021-05-25T00:00:00Z",
  "bugzilla" : {
    "description" : "nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name",
    "id" : "1963121",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1963121"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-193",
  "details" : [ "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.", "A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in certain circumstances. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "affected_release" : [ {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/3scale-rhel7-operator:1.14.0-4"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/3scale-rhel7-operator-metadata:2.11.0-16"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/apicast-rhel7-operator:1.14.0-3"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/apicast-rhel7-operator-metadata:2.11.0-9"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/memcached-rhel7:1.4.16-38"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 7",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el7",
    "package" : "3scale-amp2/system-rhel7:1.15.0-8"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 8",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el8",
    "package" : "3scale-amp2/apicast-gateway-rhel8:1.20.0-6"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 8",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el8",
    "package" : "3scale-amp2/backend-rhel8:1.14.0-3"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 8",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el8",
    "package" : "3scale-amp2/toolbox-rhel8:1.6.0-7"
  }, {
    "product_name" : "3scale API Management 2.11 on RHEL 8",
    "release_date" : "2021-10-14T00:00:00Z",
    "advisory" : "RHSA-2021:3851",
    "cpe" : "cpe:/a:redhat:3scale_amp:2.11::el8",
    "package" : "3scale-amp2/zync-rhel8:1.14.0-3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.1 for RHEL 8",
    "release_date" : "2021-09-23T00:00:00Z",
    "advisory" : "RHSA-2021:3653",
    "cpe" : "cpe:/a:redhat:acm:2.1::el8",
    "package" : "rhacm2/acm-must-gather-rhel8:v2.1.11-2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7",
    "release_date" : "2021-10-20T00:00:00Z",
    "advisory" : "RHSA-2021:3925",
    "cpe" : "cpe:/a:redhat:acm:2.3::el7",
    "package" : "rhacm2/management-ingress-rhel7:v2.3.3-3"
  }, {
    "product_name" : "Red Hat Ansible Tower 3.8 for RHEL 7",
    "release_date" : "2021-09-08T00:00:00Z",
    "advisory" : "RHBA-2021:3472",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:3.8::el7",
    "package" : "ansible-tower-38/ansible-tower-rhel7:3.8.4-1"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 7",
    "release_date" : "2021-07-29T00:00:00Z",
    "advisory" : "RHBA-2021:2955",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el7",
    "package" : "automation-hub-0:4.2.5-1.el7pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 7",
    "release_date" : "2021-07-29T00:00:00Z",
    "advisory" : "RHBA-2021:2955",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el7",
    "package" : "python-galaxy-ng-0:4.2.5-2.el7pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 7",
    "release_date" : "2021-07-29T00:00:00Z",
    "advisory" : "RHBA-2021:2955",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el7",
    "package" : "python-pulpcore-0:3.7.6-1.el7pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 8",
    "release_date" : "2021-07-29T00:00:00Z",
    "advisory" : "RHBA-2021:2955",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el8",
    "package" : "automation-hub-0:4.2.5-1.el8pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 8",
    "release_date" : "2021-07-29T00:00:00Z",
    "advisory" : "RHBA-2021:2955",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el8",
    "package" : "python-galaxy-ng-0:4.2.5-2.el8pc"
  }, {
    "product_name" : "Red Hat Automation Hub 4.2 for RHEL 8",
    "release_date" : "2021-07-29T00:00:00Z",
    "advisory" : "RHBA-2021:2955",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:4.2::el8",
    "package" : "python-pulpcore-0:3.7.6-1.el8pc"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-06-07T00:00:00Z",
    "advisory" : "RHSA-2021:2259",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "nginx:1.18-8040020210526100943.522a0ee4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-06-08T00:00:00Z",
    "advisory" : "RHSA-2021:2290",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "nginx:1.16-8040020210526102347.522a0ee4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-01-31T00:00:00Z",
    "advisory" : "RHSA-2022:0323",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "nginx:1.20-8050020211221125012.c5368500"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-06-08T00:00:00Z",
    "advisory" : "RHSA-2021:2290",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.1",
    "package" : "nginx:1.16-8010020210526102741.c27ad7f8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-06-08T00:00:00Z",
    "advisory" : "RHSA-2021:2290",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2",
    "package" : "nginx:1.16-8020020210526102648.4cda2c84"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2021-06-07T00:00:00Z",
    "advisory" : "RHSA-2021:2258",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-nginx118-nginx-1:1.18.0-3.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2021-06-07T00:00:00Z",
    "advisory" : "RHSA-2021:2278",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-nginx116-nginx-1:1.16.1-6.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS",
    "release_date" : "2021-06-07T00:00:00Z",
    "advisory" : "RHSA-2021:2258",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-nginx118-nginx-1:1.18.0-3.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS",
    "release_date" : "2021-06-07T00:00:00Z",
    "advisory" : "RHSA-2021:2278",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-nginx116-nginx-1:1.16.1-6.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "nginx:1.14/nginx",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "nginx",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-23017\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23017" ],
  "name" : "CVE-2021-23017",
  "csaw" : false
}