Unrated severityNVD Advisory· Published Nov 23, 2021· Updated Oct 15, 2024

CVE-2021-3672

Description

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Affected products

c-ares library/c-ares librarydescription
osv-coords64 versions
pkg:bitnami/node pkg:bitnami/node-min pkg:bitnami/pgbouncer pkg:rpm/almalinux/c-ares pkg:rpm/almalinux/c-ares-devel pkg:rpm/almalinux/nodejs pkg:rpm/almalinux/nodejs-devel pkg:rpm/almalinux/nodejs-docs pkg:rpm/almalinux/nodejs-full-i18n pkg:rpm/almalinux/nodejs-nodemon pkg:rpm/almalinux/nodejs-packaging pkg:rpm/almalinux/npm pkg:rpm/opensuse/c-ares&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/c-ares&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/c-ares&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/c-ares-tests&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.2 pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.3 pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/nodejs16&distro=openSUSE%20Tumbleweed pkg:rpm/suse/c-ares&distro=SUSE%20Enterprise%20Storage%206 pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2 pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3 pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCL pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015 pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 pkg:rpm/suse/c-ares&distro=SUSE%20Manager%20Proxy%204.0 pkg:rpm/suse/c-ares&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0 pkg:rpm/suse/c-ares&distro=SUSE%20Manager%20Server%204.0 pkg:rpm/suse/libcares2&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/libcares2&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 pkg:rpm/suse/libcares2&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/libcares2&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/libcares2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/libcares2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2 pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2 pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3 pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2 pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3
>= 12.0.0, < 12.12.1+ 63 more
- (no CPE)range: >= 12.0.0, < 12.12.1
- (no CPE)range: >= 12.0.0, < 12.12.1
- (no CPE)range: < 1.17.1
- (no CPE)range: < 1.13.0-6.el8
- (no CPE)range: < 1.13.0-6.el8
- (no CPE)range: < 1:12.22.5-1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 1:12.22.5-1.module_el8.5.0+85+79a7b441
- (no CPE)range: < 1:12.22.5-1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 1:12.22.5-1.module_el8.5.0+85+79a7b441
- (no CPE)range: < 2.0.3-1.module_el8.4.0+2521+c668cc9f
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
- (no CPE)range: < 1:6.14.14-1.12.22.5.1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 1.17.1+20200724-lp152.2.9.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.2-2.2
- (no CPE)range: < 1.17.1+20200724-lp152.2.9.1
- (no CPE)range: < 10.24.1-lp152.2.18.1
- (no CPE)range: < 10.24.1-1.39.2
- (no CPE)range: < 12.22.5-lp152.3.18.1
- (no CPE)range: < 12.22.5-4.19.1
- (no CPE)range: < 14.17.5-lp152.14.1
- (no CPE)range: < 14.17.5-5.15.5
- (no CPE)range: < 14.17.5-1.2
- (no CPE)range: < 16.6.2-2.2
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.17.1+20200724-3.14.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.7.4-7.10.3.1
- (no CPE)range: < 1.7.4-7.10.3.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 1.9.1-9.7.1
- (no CPE)range: < 10.24.1-1.42.2
- (no CPE)range: < 10.24.1-1.39.2
- (no CPE)range: < 12.22.5-1.35.1
- (no CPE)range: < 12.22.5-4.19.1
- (no CPE)range: < 12.22.5-4.19.1
- (no CPE)range: < 14.17.5-6.15.3
- (no CPE)range: < 14.17.5-5.15.5
- (no CPE)range: < 14.17.5-5.15.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202401-02mitrevendor-advisory
bugzilla.redhat.com/show_bug.cgimitre
c-ares.haxx.se/adv_20210810.htmlmitre
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfmitre
www.oracle.com/security-alerts/cpujul2022.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000