CVE-2021-23386

Medium

This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network…

snyk·CWE-909·Published 2021-05-20

CVSS

6.5

EPSS

0.01

KEV

Exploits

cve.orgen

260 chars

This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.

NVDen

260 chars

OSV.deven

279 chars

This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.

GHSAen

279 chars

NVDes

315 chars

Esto afecta al paquete dns-packet versión anterior a 5.2.2. Crea búferes con el parámetro allocUnsafe y no siempre los llena antes de formar paquetes de red. Esto puede exponer la memoria interna de la aplicación por medio de una red no cifrada cuando se consultan nombres de dominio no válidos diseñados

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.0	8.0	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
3.1	Primary	cve.org	7.7	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
3.1	Primary	cve.org	7.7	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	GHSA	7.7	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
3.1	Secondary	NVD	7.7	1.8	5.3	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L