CVE-2021-43523

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-43523
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43523.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-43523
Published
2021-11-10T15:15:12Z
Modified
2025-01-15T02:07:11.169243Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.

References

Affected packages

Debian:11 / uclibc

Package

Name
uclibc
Purl
pkg:deb/debian/uclibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.35-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / uclibc

Package

Name
uclibc
Purl
pkg:deb/debian/uclibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.35-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / uclibc

Package

Name
uclibc
Purl
pkg:deb/debian/uclibc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.35-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/wbx-github/uclibc-ng

Affected ranges

Type
GIT
Repo
https://github.com/wbx-github/uclibc-ng
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.20
v1.0.21
v1.0.22
v1.0.23
v1.0.24
v1.0.25
v1.0.26
v1.0.27
v1.0.28
v1.0.29
v1.0.30
v1.0.31
v1.0.32
v1.0.33
v1.0.34
v1.0.35
v1.0.36
v1.0.37
v1.0.38
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9