Home > Vulnerability Database > CVE-2021-4248

Mend.io Vulnerability Database

CVE-2021-4248

Good to know:

Date: December 18, 2022

A vulnerability was found in kapetan dns up to 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file DNS/Protocol/Request.cs. The manipulation leads to insufficient entropy in prng. The attack may be launched remotely. Upgrading to version 7.0.0 is able to address this issue. The name of the patch is cf7105aa2aae90d6656088fe5a8ee1d5730773b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216188.

Language: C#

Severity Score

9.8

Related Resources (6)

Url: https://github.com/kapetan/dns/releases/tag/v7.0.0

Url: https://github.com/kapetan/dns/commit/cf7105aa2aae90d6656088fe5a8ee1d5730773b6

Url: https://github.com/kapetan/dns/pull/88

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4248

Url: https://vuldb.com/?id.216188

Url: https://www.mend.io/vulnerability-database/CVE-2021-4248

Severity Score

9.8

Weakness Type (CWE)

Insufficient Entropy in PRNG

CWE-332

Insufficient Entropy

CWE-331

Use of Insufficiently Random Values

CWE-330

Top Fix

Upgrade Version

Upgrade to version DNS - 7.0.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4248

Good to know:

Date: December 18, 2022

Language: C#

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?