# N/A
## 漏洞概述
Ngix resolver存在一个安全问题,攻击者可以通过伪造来自DNS服务器的UDP数据包,导致1字节的内存覆盖,进而引起worker进程崩溃或其他潜在影响。
## 影响版本
未提供具体版本信息。
## 漏洞细节
攻击者能够伪造来自DNS服务器的UDP数据包,这将导致1字节的内存覆盖。该内存覆盖可能触发worker进程崩溃或带来其他潜在影响。
## 影响
该漏洞可能导致worker进程崩溃,并可能带来其他潜在影响。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | nginx 1.15.10 patch against cve-2021-23017 (ingress version) | https://github.com/niandy/nginx-patch | POC详情 |
| 2 | PoC for Nginx 0.6.18 - 1.20.0 Memory Overwrite Vulnerability CVE-2021-23017 | https://github.com/M507/CVE-2021-23017-PoC | POC详情 |
| 3 | None | https://github.com/lakshit1212/CVE-2021-23017-PoC | POC详情 |
| 4 | None | https://github.com/ShivamDey/CVE-2021-23017 | POC详情 |
| 5 | The issue only affects nginx if the "resolver" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to forge UDP packets from the DNS server. | https://github.com/z3usx01/CVE-2021-23017-POC | POC详情 |
| 6 | None | https://github.com/lukwagoasuman/-home-lukewago-Downloads-CVE-2021-23017-Nginx-1.14 | POC详情 |
| 7 | NGINX Security Hardening & Vulnerability Remediation Analysis of critical CVEs (CVE-2021-23017, HTTP/2 DoS flaws) in outdated NGINX versions, with actionable steps for mitigation: upgrades, HTTP/2 hardening, and patch automation. Includes Nessus scan validation and proactive monitoring strategies. | https://github.com/Cybervixy/Vulnerability-Management | POC详情 |
| 8 | NGINX DNS Overflow Vulnerability Check - CVE-2021-23017 PoC | https://github.com/moften/CVE-2021-23017 | POC详情 |
暂无评论