PT-2016-4399 · Nginx+3 · Nginx+3

Martin Prpič

·

Publicado

2016-01-26

·

Atualizado

2024-06-15

·

CVE-2016-0746

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions nginx versions 0.6.18 through 1.8.0 nginx versions 1.9.x before 1.9.10
Description A use-after-free issue in the resolver allows remote attackers to cause a denial of service, potentially crashing the worker process, or possibly have other unspecified impacts via a crafted DNS response related to CNAME response processing.
Recommendations For versions 0.6.18 through 1.8.0, update to a version outside of this range to resolve the issue. For versions 1.9.x before 1.9.10, update to version 1.9.10 or later to resolve the issue.

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2016-1070
CVE-2016-0746
DSA-3473-1
MGASA-2016-0065
OPENSUSE-SU-2024:10044-1
RHSA-2016:1425
SUSE-SU-2016:1232-1
USN-2892-1

Produtos afetados

Alt Linux
Apple Macos
Nginx
Ubuntu