PT-2019-1582 · Nginx · Nginx Unit

Published

2019-02-07

Updated

2025-08-12

CVE-2019-7401

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NGINX Unit versions prior to 1.7.1

Description The issue is caused by a heap-based buffer overflow in the router process, potentially allowing an attacker to cause a denial of service (router process crash) or possibly have other unspecified impacts with a specially crafted request. The vulnerability may be exploited by a remote attacker to achieve these effects.

Recommendations For NGINX Unit versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the router process to minimize the risk of exploitation.

Fix

DoS

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

BDU:2019-01114

CVE-2019-7401

Affected Products

Nginx Unit

PT-2019-1582 · Nginx · Nginx Unit

CVE-2019-7401

Weakness Enumeration

Related Identifiers

Affected Products

References · 10