vulnerability
Red Hat: CVE-2021-3672: CVE-2021-3672 c-ares: Missing input validation of host names may lead to domain hijacking (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Sep 21, 2021 | Sep 22, 2021 | Mar 27, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Sep 21, 2021
Added
Sep 22, 2021
Modified
Mar 27, 2026
Description
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Solutions
redhat-upgrade-c-aresredhat-upgrade-c-ares-debuginforedhat-upgrade-c-ares-debugsourceredhat-upgrade-c-ares-develredhat-upgrade-nodejsredhat-upgrade-nodejs-debuginforedhat-upgrade-nodejs-debugsourceredhat-upgrade-nodejs-develredhat-upgrade-nodejs-docsredhat-upgrade-nodejs-full-i18nredhat-upgrade-nodejs-nodemonredhat-upgrade-nodejs-packagingredhat-upgrade-npm
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.