PT-2021-5832 · C-Ares+10 · C-Ares+10

Published

2021-08-10

·

Updated

2026-05-18

·

CVE-2021-3672

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions c-ares library (affected versions not specified)
Description The issue is related to a flaw in the c-ares library, where a missing input validation check of host names returned by DNS can lead to output of wrong hostnames, potentially resulting in Domain Hijacking. This poses a threat to confidentiality, integrity, and system availability, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2021:3623
ALSA-2021:3666
ALSA-2022:2043
ALT-PU-2021-2494
ALT-PU-2021-2497
ALT-PU-2021-2508
ALT-PU-2021-2550
ALT-PU-2021-2577
ALT-PU-2022-3071
ALT-PU-2022-3073
ALT-PU-2024-13743
ALT-PU-2025-6604
ALT-PU-2025-6618
ALT-PU-2025-6834
AZL-38359
BDU:2022-00342
BIT-NODE-2021-3672
BIT-NODE-MIN-2021-3672
BIT-PGBOUNCER-2021-3672
CESA-2021_3623
CESA-2021_3666
CESA-2022_2043
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2021-3672
DLA-2738-1
DSA-4954-1
MGASA-2021-0453
MGASA-2021-0463
OESA-2021-1313
OPENSUSE-SU-2021:1168-1
OPENSUSE-SU-2021:1214-1
OPENSUSE-SU-2021:1239-1
OPENSUSE-SU-2021:1313-1
OPENSUSE-SU-2021:2760-1
OPENSUSE-SU-2021:2875-1
OPENSUSE-SU-2021:2953-1
OPENSUSE-SU-2021:3211-1
OPENSUSE-SU-2021_1168-1
OPENSUSE-SU-2021_1214-1
OPENSUSE-SU-2021_1239-1
OPENSUSE-SU-2021_1313-1
OPENSUSE-SU-2021_2760-1
OPENSUSE-SU-2021_2875-1
OPENSUSE-SU-2021_2953-1
OPENSUSE-SU-2021_3211-1
OPENSUSE-SU-2024:10668-1
OPENSUSE-SU-2024:11096-1
OPENSUSE-SU-2024:11097-1
RHSA-2021:3280
RHSA-2021:3281
RHSA-2021:3623
RHSA-2021:3638
RHSA-2021:3639
RHSA-2021:3666
RHSA-2021_3623
RHSA-2021_3666
RHSA-2022:2043
RHSA-2022_2043
RLSA-2021:3623
RLSA-2021:3666
RLSA-2022:2043
SUSE-SU-2021:14776-1
SUSE-SU-2021:2690-1
SUSE-SU-2021:2760-1
SUSE-SU-2021:2823-1
SUSE-SU-2021:2824-1
SUSE-SU-2021:2875-1
SUSE-SU-2021:2953-1
SUSE-SU-2021:3184-1
SUSE-SU-2021:3211-1
SUSE-SU-2021_14776-1
SUSE-SU-2021_2690-1
SUSE-SU-2021_2760-1
USN-5034-1
USN-5034-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
C-Ares