Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-23017 |
CWE-ID | CWE-193 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
IBM API Connect Client/Desktop applications / Office applications |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU53543
Risk: High
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-23017
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error within the ngx_resolver_copy()
function when processing DNS responses. A remote attacker can trigger an off-by-one error, write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer and execute arbitrary code on the system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM API Connect: 5.0.0 - 5.0.8.11
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-impacted-by-a-vulnerability-in-nginx-cve-2021-23017/
http://www.ibm.com/support/pages/node/6483657
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.