[NGINX:CVE-2016-0746] Use-after-free during CNAME response processing in resolver
Severity
Medium
Affected Packages
1
Unaffected Packages
2
CVEs
1
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
| Package | Affected Version |
|---|---|
 pkg:nginx/nginx
|
>= 0.6.18, <= 1.9.9 |
| Package | Unaffected Version |
|---|---|
|
pkg:nginx/nginx
|
>= 1.9.10 |
|
pkg:nginx/nginx
|
>= 1.8.1 |
- ID
- NGINX:CVE-2016-0746
- Severity
- medium
- Published
-
2016-02-15T19:59:01
(8 years ago) - Modified
-
2016-02-15T19:59:01
(8 years ago) - Rights
- NGINX Security Team
- Other Advisories
ALAS-2016-655
DSA-3473-1
FEDORA-2016-bf03932bb3
FREEBSD:C1C18EE1-C711-11E5-96D6-14DAE9D210B8
GLSA-201606-06
SUSE-SU-2016:1232-1
USN-2892-1| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |