---

CVE-2021-3672 - log back

CVE-2021-3672 edited at 10 Aug 2021 09:56:56
Description	- Missing input validation of host names returned by Domain Name Servers in the c-ares library before version 1.17.2 can lead to output of wrong hostnames (leading to Domain Hijacking). + Missing input validation of host names returned by Domain Name Servers in the c-ares library before version 1.17.2 can lead to output of wrong hostnames (leading to domain hijacking).

CVE-2021-3672 edited at 10 Aug 2021 06:53:21
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Insufficient validation
Description	+ Missing input validation of host names returned by Domain Name Servers in the c-ares library before version 1.17.2 can lead to output of wrong hostnames (leading to Domain Hijacking).
References	+ https://c-ares.haxx.se/adv_20210810.html + https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83 + https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14
Notes

CVE-2021-3672 created at 10 Aug 2021 06:48:54