Description
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
A use-after-free flaw was found in the way nginx resolved certain CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash or, possibly, execute arbitrary code if nginx enabled the resolver in its configuration.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Software Collections | nginx16-nginx | Will not fix | | |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS | rh-nginx18-nginx | Fixed | RHSA-2016:1425 | 14.07.2016 |
Additional information
Status:
5.1 Medium
CVSS2