CVE-2016-0742

Published: 26 Jan 2016
Source: redhat
CVSS2: 4.3
EPSS: High

Description

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

It was discovered that nginx could perform an out-of-bounds read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Software Collections | nginx16-nginx | Will not fix | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1302587 (nginx: invalid pointer dereference in resolver)

EPSS

Percentile: 99%
0.80364
High

4.3 Medium

CVSS2

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 10 years ago

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

CVSS3: 7.5
nvd
almost 10 years ago

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

CVSS3: 7.5
debian
almost 10 years ago

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ...

CVSS3: 7.5
github
more than 3 years ago

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

fstec
almost 10 years ago

Vulnerability in the nginx proxy server that allows an attacker to cause a denial of service
