6.8

CVE-2011-4315

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

Data is provided by the National Vulnerability Database (NVD)
F5Nginx Version >= 0.6.18 < 1.0.10
F5Nginx Version >= 1.1.0 <= 1.1.7
FedoraprojectFedora Version16
SuseStudio Version1.2 SwEditionstandard
SuseStudio Onsite Version1.2
SuseWebyast Version1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.81% 0.856
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://openwall.com/lists/oss-security/2011/11/17/10
Patch
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2011/11/17/8
Patch
Third Party Advisory
Mailing List
http://trac.nginx.org/nginx/changeset/4268/nginx
Patch
Vendor Advisory
Issue Tracking
http://www.nginx.org/en/CHANGES-1.0
Vendor Advisory
Release Notes
http://www.securityfocus.com/bid/50710
Third Party Advisory
VDB Entry