{"api_version":"1","generated_at":"2026-04-22T21:38:56+00:00","cve":"CVE-2021-3672","urls":{"html":"https://cve.report/CVE-2021-3672","api":"https://cve.report/api/cve/CVE-2021-3672.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3672","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3672"},"summary":{"title":"CVE-2021-3672","description":"A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-11-23 19:15:00","updated_at":"2024-01-05 10:15:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://c-ares.haxx.se/adv_20210810.html","name":"https://c-ares.haxx.se/adv_20210810.html","refsource":"MISC","tags":[],"title":"Missing input validation on hostnames returned by DNS servers","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202401-02","name":"GLSA-202401-02","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"200"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","refsource":"CONFIRM","tags":[],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988342","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1988342","refsource":"MISC","tags":[],"title":"1988342 – (CVE-2021-3672) CVE-2021-3672 c-ares: Missing input validation of host names may lead to domain hijacking","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","name":"N/A","refsource":"N/A","tags":[],"title":"Oracle Critical Patch Update Advisory - July 2022","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3672","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3672","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"c-ares_project","cpe5":"c-ares","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"12.12.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"14.14.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nodejs","cpe5":"node.js","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"1.17.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pgbouncer","cpe5":"pgbouncer","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_computer_node","cpe6":"1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"7.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_ibm_z_systems_eus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian_eus","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian_eus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_for_power_little_endian_eus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_aus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_tus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_tus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_update_services_for_sap_solutions","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_update_services_for_sap_solutions","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_server_update_services_for_sap_solutions","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_tus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_workstation","cpe6":"1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3672","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"siemens","cpe5":"sinec_infrastructure_network_services","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3672","qid":"159398","title":"Oracle Enterprise Linux Security Update for nodejs:12 (ELSA-2021-3623)"},{"cve":"CVE-2021-3672","qid":"159408","title":"Oracle Enterprise Linux Security Update for nodejs:14 (ELSA-2021-3666)"},{"cve":"CVE-2021-3672","qid":"159827","title":"Oracle Enterprise Linux Security Update for c-ares (ELSA-2022-2043)"},{"cve":"CVE-2021-3672","qid":"178750","title":"Debian Security Update for c-ares (DSA 4954-1)"},{"cve":"CVE-2021-3672","qid":"178751","title":"Debian Security Update for c-ares (DLA 2738-1)"},{"cve":"CVE-2021-3672","qid":"179624","title":"Debian Security Update for c-ares (CVE-2021-3672)"},{"cve":"CVE-2021-3672","qid":"198455","title":"Ubuntu Security Notification for c-ares vulnerability (USN-5034-1)"},{"cve":"CVE-2021-3672","qid":"239590","title":"Red Hat Update for rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:3281)"},{"cve":"CVE-2021-3672","qid":"239591","title":"Red Hat Update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:3280)"},{"cve":"CVE-2021-3672","qid":"239645","title":"Red Hat Update for nodejs:12 (RHSA-2021:3623)"},{"cve":"CVE-2021-3672","qid":"239654","title":"Red Hat Update for nodejs:12 (RHSA-2021:3639)"},{"cve":"CVE-2021-3672","qid":"239655","title":"Red Hat Update for nodejs:12 (RHSA-2021:3638)"},{"cve":"CVE-2021-3672","qid":"239658","title":"Red Hat Update for nodejs:14 (RHSA-2021:3666)"},{"cve":"CVE-2021-3672","qid":"240295","title":"Red Hat Update for c-ares (RHSA-2022:2043)"},{"cve":"CVE-2021-3672","qid":"281816","title":"Fedora Security Update for c (FEDORA-2021-0a60cbb948)"},{"cve":"CVE-2021-3672","qid":"281821","title":"Fedora Security Update for mingw (FEDORA-2021-001ec24fc5)"},{"cve":"CVE-2021-3672","qid":"281822","title":"Fedora Security Update for mingw (FEDORA-2021-c83b66abdb)"},{"cve":"CVE-2021-3672","qid":"281869","title":"Fedora Security Update for c (FEDORA-2021-52c89b44a9)"},{"cve":"CVE-2021-3672","qid":"296060","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 37.0.1.101.1 Missing (CPUJUL2021)"},{"cve":"CVE-2021-3672","qid":"352861","title":"Amazon Linux Security Advisory for c-ares: ALAS-2021-1545"},{"cve":"CVE-2021-3672","qid":"375877","title":"Kibana Multiple Security Vulnerabilities (ESA-2021-21, ESA-2021-22, ESA-2021-24)"},{"cve":"CVE-2021-3672","qid":"376035","title":"F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Node.js Vulnerabilities (K53225395)"},{"cve":"CVE-2021-3672","qid":"377157","title":"Alibaba Cloud Linux Security Update for nodejs:14 (ALINUX3-SA-2021:0072)"},{"cve":"CVE-2021-3672","qid":"500086","title":"Alpine Linux Security Update for c-ares"},{"cve":"CVE-2021-3672","qid":"500444","title":"Alpine Linux Security Update for nodejs"},{"cve":"CVE-2021-3672","qid":"501453","title":"Alpine Linux Security Update for nodejs"},{"cve":"CVE-2021-3672","qid":"501884","title":"Alpine Linux Security Update for nodejs-current"},{"cve":"CVE-2021-3672","qid":"502123","title":"Alpine Linux Security Update for nodejs-current"},{"cve":"CVE-2021-3672","qid":"503759","title":"Alpine Linux Security Update for c-ares"},{"cve":"CVE-2021-3672","qid":"504207","title":"Alpine Linux Security Update for nodejs"},{"cve":"CVE-2021-3672","qid":"505102","title":"Alpine Linux Security Update for nodejs-current"},{"cve":"CVE-2021-3672","qid":"670816","title":"EulerOS Security Update for c-ares (EulerOS-SA-2021-2704)"},{"cve":"CVE-2021-3672","qid":"670983","title":"EulerOS Security Update for c-ares (EulerOS-SA-2021-2679)"},{"cve":"CVE-2021-3672","qid":"670989","title":"EulerOS Security Update for c-ares (EulerOS-SA-2021-2652)"},{"cve":"CVE-2021-3672","qid":"671016","title":"EulerOS Security Update for c-ares (EulerOS-SA-2021-2623)"},{"cve":"CVE-2021-3672","qid":"671035","title":"EulerOS Security Update for c-ares (EulerOS-SA-2021-2574)"},{"cve":"CVE-2021-3672","qid":"691133","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for py39 (43e9ffd4-d6e0-11ed-956f-7054d21a9e2a)"},{"cve":"CVE-2021-3672","qid":"710820","title":"Gentoo Linux c-ares Multiple Vulnerabilities (GLSA 202401-02)"},{"cve":"CVE-2021-3672","qid":"750967","title":"SUSE Enterprise Linux Security Update for libcares2 (SUSE-SU-2021:2690-1)"},{"cve":"CVE-2021-3672","qid":"750975","title":"SUSE Enterprise Linux Security Update for c-ares (SUSE-SU-2021:2760-1)"},{"cve":"CVE-2021-3672","qid":"750979","title":"OpenSUSE Security Update for c-ares (openSUSE-SU-2021:2760-1)"},{"cve":"CVE-2021-3672","qid":"751022","title":"OpenSUSE Security Update for c-ares (openSUSE-SU-2021:1168-1)"},{"cve":"CVE-2021-3672","qid":"751061","title":"OpenSUSE Security Update for nodejs12 (openSUSE-SU-2021:2875-1)"},{"cve":"CVE-2021-3672","qid":"751071","title":"OpenSUSE Security Update for nodejs12 (openSUSE-SU-2021:1214-1)"},{"cve":"CVE-2021-3672","qid":"751093","title":"OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:2953-1)"},{"cve":"CVE-2021-3672","qid":"751112","title":"OpenSUSE Security Update for nodejs10 (openSUSE-SU-2021:1239-1)"},{"cve":"CVE-2021-3672","qid":"751171","title":"OpenSUSE Security Update for nodejs14 (openSUSE-SU-2021:3211-1)"},{"cve":"CVE-2021-3672","qid":"751178","title":"OpenSUSE Security Update for nodejs14 (openSUSE-SU-2021:1313-1)"},{"cve":"CVE-2021-3672","qid":"900407","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for c-ares (6243)"},{"cve":"CVE-2021-3672","qid":"904236","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for pgbouncer (11165)"},{"cve":"CVE-2021-3672","qid":"904268","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for pgbouncer (11139)"},{"cve":"CVE-2021-3672","qid":"940217","title":"AlmaLinux Security Update for nodejs:12 (ALSA-2021:3623)"},{"cve":"CVE-2021-3672","qid":"940388","title":"AlmaLinux Security Update for nodejs:14 (ALSA-2021:3666)"},{"cve":"CVE-2021-3672","qid":"940536","title":"AlmaLinux Security Update for c-ares (ALSA-2022:2043)"},{"cve":"CVE-2021-3672","qid":"960124","title":"Rocky Linux Security Update for c-ares (RLSA-2022:2043)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-3672","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"c-ares","version":{"version_data":[{"version_value":"c-ares 1.17.2"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1988342","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988342"},{"refsource":"MISC","name":"https://c-ares.haxx.se/adv_20210810.html","url":"https://c-ares.haxx.se/adv_20210810.html"},{"refsource":"CONFIRM","name":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujul2022.html"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability."}]}},"nvd":{"publishedDate":"2021-11-23 19:15:00","lastModifiedDate":"2024-01-05 10:15:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":5.6,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.2,"impactScore":3.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.17.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.7:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_computer_node:1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_workstation:1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.1.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.6.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"14.0.0","versionEndIncluding":"14.14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"12.13.0","versionEndExcluding":"12.22.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*","versionStartIncluding":"12.0.0","versionEndIncluding":"12.12.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*","versionStartIncluding":"14.15.0","versionEndExcluding":"14.17.5","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:pgbouncer:pgbouncer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.17.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3672","Ordinal":"213340","Title":"CVE-2021-3672","CVE":"CVE-2021-3672","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3672","Ordinal":"1","NoteData":"A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3672","Ordinal":"2","NoteData":"2021-11-23","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3672","Ordinal":"3","NoteData":"2021-11-23","Type":"Other","Title":"Modified"}]}}}