### [CVE-2021-23017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017)
![](https://img.shields.io/static/v1?label=Product&message=Nginx%20Web%20Server%2C%20Nginx%20Plus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Nginx%20Web%20Server%20versions%200.6.18%20thru%201.20.0%20before%201.20.1%2C%20Nginx%20plus%20versions%20R13%20thru%20R23%20before%20R23%20P1.%20Nginx%20plus%20version%20R24%20before%20R24%20P1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-193&color=brightgreen)

### Description

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

### POC

#### Reference
- http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html

#### Github
- https://github.com/0xb0rn3/r3cond0g
- https://github.com/631068264/multi-cluster-ingress-nginx
- https://github.com/6lj/EVIL-CVE-2021-23017-Update-2025
- https://github.com/ANJITH01/Nginx-Ingress-HELM
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Antares-abraxas/vk7
- https://github.com/Aswinisurya99/ingress-ngininx
- https://github.com/Bacon-Unlimited/security-patches
- https://github.com/ChiomaDibor/Vulnerability-Management-of-a-Web-Server-Using-Nessus-and-Patch-Management-with-Ansible
- https://github.com/Cybervixy/Vulnerability-Management
- https://github.com/DeCryptMan/Nexus
- https://github.com/Deeoojo/Vulnerability-Management-Nessus-Ansible-
- https://github.com/Dextan-solutions/shodan_network_scanner
- https://github.com/Dhruv3215/Task---3-Elevate-labs-vulnerability-scan
- https://github.com/Dorakhris/Vulnerability-Assessment-lab
- https://github.com/Hopecount123/ingress-controller-update
- https://github.com/Inspur-Data/ingress-nginx
- https://github.com/Inspur-Data/ingress-nginx-controller-gm
- https://github.com/KnuckleSecurity/INTERNI-TEKNOLOJI-TASK
- https://github.com/Logeswark/helmpackage
- https://github.com/M507/CVE-2021-23017-PoC
- https://github.com/M507/M507
- https://github.com/MrE-Fog/ingress-nginxx
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Oju-kwu/Vulnerability-Management-Lab
- https://github.com/PuddinCat/GithubRepoSpider
- https://github.com/R0X4R/Indra
- https://github.com/R0X4R/indraa
- https://github.com/ReturnRei/Snort_poc
- https://github.com/Rohan-flutterint/ingress-nginx
- https://github.com/SYRTI/POC_to_review
- https://github.com/Samuelade24/WebVuln-Scanner---Automated-Penetration-Testing-Tool
- https://github.com/ShivamDey/CVE-2021-23017
- https://github.com/StuartDickenson/ingress-nginx
- https://github.com/Teedico/Nessus_Vulnerability_Assessment
- https://github.com/WhooAmii/POC_to_review
- https://github.com/adityamillind98/ngins
- https://github.com/adityamillind98/nginx
- https://github.com/andreyk444/Ansible-playbook
- https://github.com/asifmasroorDevOpsengineer/ingrss-nginx
- https://github.com/bollwarm/SecToolSet
- https://github.com/bustinjeaber/ansible_playbook_vuln
- https://github.com/caojian12345/ingress-nginx
- https://github.com/carayev/kubernetes-nginx-ingress
- https://github.com/chrisaondo/Vulnerability-Assessment
- https://github.com/doudou147/ingress-nginx
- https://github.com/eggkingo/polyblog
- https://github.com/gmk-git/Kubernetes-Ingress
- https://github.com/jarinlima/k8s-ingress-controller-old
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/kartikeyaexpd/ingress-nginx
- https://github.com/kdairatchi/TechStack
- https://github.com/kmukoo101/CVEye
- https://github.com/krlabs/nginx-vulnerabilities
- https://github.com/kubernetes/ingress-nginx
- https://github.com/lakshit1212/CVE-2021-23017-PoC
- https://github.com/lemonhope-mz/replica_kubernetes-nginx
- https://github.com/lukwagoasuman/-home-lukewago-Downloads-CVE-2021-23017-Nginx-1.14
- https://github.com/luyuehm/ingress-nginx
- https://github.com/maksonlee/ingress-nginx
- https://github.com/manas3c/CVE-POC
- https://github.com/moften/CVE-2021-23017
- https://github.com/moften/MalformedDNSQueryNginx
- https://github.com/msyhu/ingress-nginx
- https://github.com/niandy/nginx-patch
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/richardwaters9049/pen-report
- https://github.com/rmtec/modeswitcher
- https://github.com/rohan-flutterint/ingress-nginx
- https://github.com/rohankumardubey/ingress-nginx
- https://github.com/ryanarabety/ingress-nginx-Kubernetes
- https://github.com/shaundaley39/ingress-nginx
- https://github.com/shoebece/nginx-ingress
- https://github.com/soosmile/POC
- https://github.com/teresaweber685/book_list
- https://github.com/trhacknon/Pocingit
- https://github.com/vshaliii/DC-4-Vulnhub-Walkthrough
- https://github.com/wallarm/ingress
- https://github.com/whoforget/CVE-POC
- https://github.com/youwizard/CVE-POC
- https://github.com/z3usx01/CVE-2021-23017-POC
- https://github.com/zecool/cve
- https://github.com/zlz4642/ingress-nginx