CVE-2021-23386 HIGH

CVE-2021-23386: Remote Memory Exposure

Vendor: N/A
Product: dns-packet
Published: May 20, 2021
Last update: September 16, 2024

CVSS base score

7.7/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01 Description

This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over an unencrypted network when querying crafted invalid domain names.
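The bug class described above, shown as an added example that is not dns-packet's own code: the helpers are hypothetical and assume, for illustration, that the size estimate and the label writer disagree on names containing empty labels. The vulnerable pattern sits beside a hardened one that zero-fills the buffer and trims it to the bytes actually written.

```javascript
// Added illustration: hypothetical helpers, not dns-packet's own code.

// Size estimate: one length byte per label plus the root terminator.
function estimateLength(name) {
  return Buffer.byteLength(name) + 2;
}

// Writes length-prefixed labels. Empty labels (as in the invalid name "a..b")
// are skipped, so fewer bytes are written than estimateLength() reserved.
function writeLabels(buf, name) {
  let off = 0;
  for (const label of name.split('.')) {
    if (label.length === 0) continue;
    const len = buf.write(label, off + 1); // label bytes after the length byte
    buf[off] = len;
    off += len + 1;
  }
  buf[off++] = 0; // root label
  return off; // number of bytes actually written
}

// Vulnerable pattern: uninitialized allocation, whole buffer handed to the socket.
function encodeNameUnsafe(name) {
  const buf = Buffer.allocUnsafe(estimateLength(name));
  writeLabels(buf, name);
  return buf; // tail beyond the written bytes holds whatever was in memory
}

// Hardened pattern: zero-filled allocation, trimmed to what was written.
function encodeNameSafe(name) {
  const buf = Buffer.alloc(estimateLength(name));
  const written = writeLabels(buf, name);
  return buf.subarray(0, written);
}

// Bytes the unsafe encoder would send without ever having written them.
function unwrittenBytes(name) {
  const buf = Buffer.alloc(estimateLength(name));
  return buf.length - writeLabels(buf, name);
}

for (const name of ['example.com', 'a..b', 'a....b']) { // constructed inputs
  console.log(JSON.stringify(name), 'unwritten:', unwrittenBytes(name),
    'safe:', encodeNameSafe(name).toString('hex'));
}
```

A regression test for an encoder of this kind can compare the returned length with the bytes written for malformed names, since the stale tail of an `allocUnsafe` buffer is often zero in a fresh process and will not show up in a content check.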

Key dates

02 Disclosure timeline

May 20, 2021: CVE published
September 16, 2024: Record updated