CVE-2021-23386

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23386

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23386.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-23386

Aliases

GHSA-3wcq-x3mq-6r9p

Related

SNYK-JAVA-ORGWEBJARSNPM-1295719
SNYK-JS-DNSPACKET-1293563

Published

2021-05-20T17:15:07Z

Modified

2025-01-08T10:41:55.398442Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.

References

Affected packages

Git / github.com/mafintosh/dns-packet

Affected ranges

Type: GIT
Repo: https://github.com/mafintosh/dns-packet
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

25f15dd0fedc53688b25fd053ebbdffe3d5c1c56

Fixed

25f15dd0fedc53688b25fd053ebbdffe3d5c1c56

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v2.*

v2.0.0

v3.*

v3.0.0

v3.0.1

v4.*

v4.0.0

v4.1.0

v4.1.1

v4.2.0

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.1.0

v5.1.1

v5.1.2

v5.2.0

v5.2.1