CVE-2011-4315

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

References

http://openwall.com/lists/oss-security/2011/11/17/10

http://trac.nginx.org/nginx/changeset/4268/nginx

http://www.nginx.org/en/CHANGES-1.0

http://openwall.com/lists/oss-security/2011/11/17/8

http://www.securityfocus.com/bid/50710

http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html

http://secunia.com/advisories/47097

http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html

http://security.gentoo.org/glsa/glsa-201203-22.xml

http://secunia.com/advisories/48577

Details

Source: MITRE

Published: 2011-12-08

Updated: 2021-11-10

Type: CWE-787

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
75979openSUSE Security Update : nginx-0.8 (openSUSE-SU-2012:0237-1)NessusSuSE Local Security Checks
medium
74524openSUSE Security Update : nginx-1.0 (openSUSE-2011-48)NessusSuSE Local Security Checks
medium
69589Amazon Linux AMI : nginx (ALAS-2011-30)NessusAmazon Linux Local Security Checks
medium
59614GLSA-201203-22 : nginx: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
6456nginx < 1.0.10 DNS Resolver Remote Heap Buffer OverflowNessus Network MonitorWeb Servers
medium
58413nginx < 1.0.10 ngx_resolver_copy Function DNS Response Parsing Buffer OverflowNessusWeb Servers
medium
57007Fedora 15 : nginx-1.0.10-1.fc15 (2011-16110)NessusFedora Local Security Checks
medium
57006Fedora 16 : nginx-1.0.10-1.fc16 (2011-16075)NessusFedora Local Security Checks
medium