VYPR
High severityNVD Advisory· Published May 20, 2021· Updated Sep 16, 2024

Remote Memory Exposure

CVE-2021-23386

Description

This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
dns-packetnpm
>= 2.0.0, < 5.2.25.2.2
dns-packetnpm
< 1.3.21.3.2

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.