DNS Resolver Vulnerability

48 views
Skip to first unread message

Oswaldo Garcia

unread,
May 27, 2021, 10:59:58 AMMay 27
to openresty-en
Hey All,

Does anybody know when the nginx core is going to be upgraded to the latest version 1.21.0 which is the one that include the fix for CVE-2021-23017.?

"*) Security: 1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution (CVE-2021-23017)."

I'm running openresty version 1.17.8.2 and I could go to the latest one 1.19.3.1 but 1.19 is running nginx core 1.19.3 which is also affected by the CVE.

Thanks,
Reply all
Reply to author
Forward
0 new messages