Описание
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 1.14.0-0ubuntu1.7 |
| devel | not-affected | |
| esm-infra-legacy/trusty | released | 1.4.6-1ubuntu3.9+esm3 |
| esm-infra/bionic | not-affected | 1.14.0-0ubuntu1.7 |
| esm-infra/focal | not-affected | |
| esm-infra/xenial | released | 1.10.3-0ubuntu0.16.04.5+esm2 |
| focal | not-affected | |
| groovy | not-affected | |
| hirsute | not-affected | |
| impish | not-affected |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
Уязвимость модуля autoindex сервера NGINX, связанная с целочисленным переполнением, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3