CVE-2011-4315

CVSS v2.0 6.8 (Medium)

EPSS 0.66 % (80^th)

Affected Products 5

Advisories 5

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

Weaknesses

CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2011-12-08 20:55:01
(12 years ago)
Updated Date: 2021-11-10 15:54:43
(2 years ago)

Affected Products

F5

Nginx

Fedoraproject

Fedora

Suse

Configuration #1

		CPE23	From	Up To
	F5 Nginx from 0.6.18 version and prior 1.0.10 version	cpe:2.3:a:f5:nginx	>= 0.6.18	< 1.0.10
	F5 Nginx from 1.1.0 version and 1.1.7 and prior versions	cpe:2.3:a:f5:nginx	>= 1.1.0	<= 1.1.7

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 16	cpe:2.3:o:fedoraproject:fedora:16

Configuration #3

		CPE23	From	Up To
	Suse Studio 1.2	cpe:2.3:a:suse:studio:1.2:::*:standard
	Suse Studio Onsite 1.2	cpe:2.3:a:suse:studio_onsite:1.2
	Suse Webyast 1.2	cpe:2.3:a:suse:webyast:1.2