PT-2016-4399 · Nginx+3 · Nginx+3

Martin Prpič

Published

2016-01-26

Updated

2024-06-15

CVE-2016-0746

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions nginx versions 0.6.18 through 1.8.0 nginx versions 1.9.x before 1.9.10

Description A use-after-free issue in the resolver allows remote attackers to cause a denial of service, potentially crashing the worker process, or possibly have other unspecified impacts via a crafted DNS response related to CNAME response processing.

Recommendations For versions 0.6.18 through 1.8.0, update to a version outside of this range to resolve the issue. For versions 1.9.x before 1.9.10, update to version 1.9.10 or later to resolve the issue.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2016-1070

CVE-2016-0746

DSA-3473-1

MGASA-2016-0065

OPENSUSE-SU-2024:10044-1

RHSA-2016:1425

SUSE-SU-2016:1232-1

USN-2892-1

Affected Products

Alt Linux

Apple Macos

Nginx

Ubuntu

PT-2016-4399 · Nginx+3 · Nginx+3

CVE-2016-0746

Weakness Enumeration

Related Identifiers

Affected Products

References · 58