CVE-2021-21323

Sep 3, 2024

Published Date: 2021-02-23T23:15Z

Last Modified: 2021-03-01T16:14Z

CVSS Score: 5.3 (MEDIUM)

EPSS Score: 0.08%

Risk Score: 3.71 (MEDIUM)

Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.

CVSS: 5.3 | EPSS: 0.08%

NVD Links:

https://nvd.nist.gov/vuln/detail/CVE-2021-21323

Description: Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108

Mitre ATT&CK Technical v15.1

T1590.002 – DNS
T1071.004 – DNS
T1153 – Source
T1090 – Proxy
T1053.002 – At

Technical Analysis & Mitigation Measures

Reference Links

https://github.com/brave/brave-browser/issues/13527
https://github.com/brave/brave-core/pull/7769
https://github.com/brave/brave-browser/security/advisories/GHSA-mqjf-9x5g-2rv6
https://github.com/brave/brave-core/commit/12fe321eaad8acc1cbd1d70b4128f687777bcf15
https://hackerone.com/reports/1077022

Vendor - Produce - Version

brave - brave

Disclaimer

The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.