MidnightBSD

Advisories for dns-packet_project

CVE-2021-23386 MEDIUM

This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
report@snyk.io 7.7 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L 1.8 5.3

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-909,

Products Affected

Vendor Product Version
dns-packet_project dns-packet *