High severity · NVD Advisory · Published May 20, 2021 · Updated Sep 16, 2024
Remote Memory Exposure
CVE-2021-23386
Description
This affects the package dns-packet before 5.2.2. It creates buffers with `allocUnsafe` and does not always fill them before forming network packets. This can expose internal application memory over an unencrypted network when querying crafted invalid domain names.
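An added example (not dns-packet's code and not part of the advisory) of the bug class described above, next to a hardened form. The toy encoder, its function names, and the assumed mismatch between the size estimate and the writer for empty labels are all constructed for illustration.

```javascript
// Toy length-prefixed name encoder (constructed; NOT dns-packet's code).
// Assumption: the size estimate and the writer disagree when a name has empty labels.

// Size estimate: one length byte per label plus a terminating zero byte.
function estimateLength(name) {
  return Buffer.byteLength(name) + 2;
}

// Writes each non-empty label as <len><bytes>, then a 0 terminator.
// Returns the number of bytes actually written.
function writeName(name, buf) {
  let off = 0;
  for (const label of name.split('.')) {
    if (label.length === 0) continue; // skipped label: the estimate is now too large
    const len = buf.write(label, off + 1);
    buf[off] = len;
    off += len + 1;
  }
  buf[off++] = 0;
  return off;
}

// Pattern from the description: uninitialised allocation, whole buffer returned.
function encodeUnsafe(name) {
  const buf = Buffer.allocUnsafe(estimateLength(name));
  const written = writeName(name, buf);
  return { packet: buf, written }; // packet.length may exceed written
}

// Hardened: zero-filled allocation, and only the written prefix leaves the function.
function encodeSafe(name) {
  const buf = Buffer.alloc(estimateLength(name));
  const written = writeName(name, buf);
  return { packet: buf.subarray(0, written), written };
}

// Check usable in unit tests or fuzzing: bytes handed on that were never written.
function unwrittenBytes({ packet, written }) {
  return packet.length - written;
}

for (const name of ['example.com', 'a..b']) { // constructed sample names
  console.log(name, unwrittenBytes(encodeUnsafe(name)), unwrittenBytes(encodeSafe(name)));
}
```

Asserting that `unwrittenBytes` is zero for every encoder output is a cheap regression check for this class of bug, independent of whether the buffer was zero-filled.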
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| dns-packet (npm) | >= 2.0.0, < 5.2.2 | 5.2.2 |
| dns-packet (npm) | < 1.3.2 | 1.3.2 |
Affected products
- dns-packet/dns-packet
References
- github.com/advisories/GHSA-3wcq-x3mq-6r9p (advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-23386 (advisory)
- github.com/mafintosh/dns-packet/commit/0d0d593f8df4e2712c43957a6c62e95047f12b2d (web)
- github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56 (web)
- hackerone.com/bugs (web)
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1295719 (web)
- snyk.io/vuln/SNYK-JS-DNSPACKET-1293563 (web)