PT-2021-15480 · Unknown · Dns-Packet

Chalker

Published

2021-05-20

Updated

2022-07-12

CVE-2021-23386

CVSS v3.1

7.7

High

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions dns-packet versions prior to 5.2.2

Description The issue arises from the creation of buffers with allocUnsafe that are not always filled before forming network packets. This can lead to the exposure of internal application memory over an unencrypted network when querying crafted invalid domain names.

Recommendations For versions prior to 5.2.2, update to version 5.2.2 or later to resolve the issue.

Fix

Information Disclosure

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-909CWE-200CWE-908

Related Identifiers

CVE-2021-23386

GHSA-3WCQ-X3MQ-6R9P

SNYK-JAVA-ORGWEBJARSNPM-1295719

SNYK-JS-DNSPACKET-1293563

Affected Products

Dns-Packet

PT-2021-15480 · Unknown · Dns-Packet

CVE-2021-23386

Weakness Enumeration

Related Identifiers

Affected Products

References · 8