CVE-2021-43523

9.6 CRITICAL

📋 TL;DR

This vulnerability in uClibc and uClibc-ng allows DNS responses containing special characters to bypass validation, potentially leading to incorrect hostname resolution or injection attacks. It affects systems using these C libraries for DNS lookups via functions like gethostbyname and getaddrinfo. The lack of proper validation in the stub resolver enables various injection scenarios.

💻 Affected Systems

Products:
  • uClibc
  • uClibc-ng
Versions: All versions before 1.0.39
Operating Systems: Linux distributions using uClibc/uClibc-ng (commonly embedded systems, routers, IoT devices)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects any application using gethostbyname, getaddrinfo, gethostbyaddr, or getnameinfo functions from these libraries. Common in embedded Linux systems.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution through application injection, domain hijacking enabling man-in-the-middle attacks, or complete system compromise via malicious DNS responses.

🟠 Likely Case

Application crashes, cross-site scripting (XSS) in web applications using affected DNS functions, or incorrect domain resolution leading to service disruption.

🟢 If Mitigated

Limited impact with proper network segmentation, DNS filtering, and application-level input validation preventing exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires control over DNS responses or ability to poison DNS cache. Public proof-of-concept demonstrates the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.39 and later

Vendor Advisory: https://uclibc-ng.org/

Restart Required: Yes

Instructions:

1. Update uClibc/uClibc-ng to version 1.0.39 or later.
2. Recompile affected applications with updated library.
3. Restart services using the patched library.
4. For embedded systems, update firmware or rebuild system image.

🔧 Temporary Workarounds

DNS Response Filtering

all

Implement DNS filtering at network perimeter to block responses containing special characters in hostnames

Application Input Validation

all

Add application-level validation of hostnames returned by DNS functions before processing
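
One way to implement this workaround, as an added example that is not code from uClibc-ng or from this advisory: apply a strict letter-digit-hyphen check to any name returned by the resolver before the application logs, displays or acts on it. The names `hostname_is_ldh` and `checked_getnameinfo` are hypothetical, and rejecting underscores is an assumption of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: 1 if `name` obeys the RFC 952/1123 LDH rule, else 0. */
int hostname_is_ldh(const char *name)
{
    size_t len, i, label = 0;
    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len > 0 && name[len - 1] == '.')
        len--;                              /* tolerate one trailing root dot */
    if (len == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;                   /* empty label, or label ending in '-' */
            label = 0;
            continue;
        }
        /* explicit ASCII ranges, because isalnum() is locale dependent */
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-'))
            return 0;
        if (c == '-' && label == 0)
            return 0;                       /* label starting with '-' */
        if (++label > 63)
            return 0;                       /* label longer than 63 octets */
    }
    return label != 0 && name[len - 1] != '-';
}

/* Hypothetical wrapper: reverse lookup that never returns an unvalidated name. */
int checked_getnameinfo(const struct sockaddr *sa, socklen_t salen,
                        char *host, socklen_t hostlen)
{
    int rc = getnameinfo(sa, salen, host, hostlen, NULL, 0, NI_NAMEREQD);
    if (rc == 0 && !hostname_is_ldh(host)) {
        host[0] = '\0';                     /* do not hand the raw answer to the caller */
        return EAI_FAIL;
    }
    return rc;
}
```

The same check applies to `h_name` and the alias list from `gethostbyname`/`gethostbyaddr` and to `ai_canonname` from `getaddrinfo`.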

🧯 If You Can't Patch

  • Implement strict DNS filtering at network boundaries to block malicious responses
  • Isolate affected systems in segmented networks with limited external DNS access

🔍 How to Verify

Check if Vulnerable:

Check uClibc/uClibc-ng version: ldd --version or check library files. If version < 1.0.39, system is vulnerable.

Check Version:

ldd --version | grep -i uclibc || strings /lib/libc.so.* | grep -i uclibc

Verify Fix Applied:

Verify uClibc/uClibc-ng version is 1.0.39 or later. Test DNS functions with specially crafted responses to ensure proper validation.

📡 Detection & Monitoring

Log Indicators:

  • Unusual DNS query patterns
  • Application crashes after DNS lookups
  • Unexpected hostname resolutions in application logs

Network Indicators:

  • DNS responses containing special characters (non-alphanumeric) in hostname fields
  • Unusual DNS traffic to/from embedded devices

SIEM Query:

dns.query.name contains special characters AND (device.vendor contains "embedded" OR os.name contains "uclibc")
