Lucene search

K

Veracode Vulnerability DatabaseVERACODE:12093

HistoryJan 15, 2019 - 9:12 a.m.

Denial Of Service (DoS)

2019-01-1509:12:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

EPSS

0.871

Percentile

98.6%

nginx is vulnerable to denial of service. It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration.

References

lists.opensuse.org/opensuse-updates/2016-02/msg00042.html

mailman.nginx.org/pipermail/nginx/2016-January/049700.html

seclists.org/fulldisclosure/2021/Sep/36

www.debian.org/security/2016/dsa-3473

www.securitytracker.com/id/1034869

www.ubuntu.com/usn/USN-2892-1

access.redhat.com/errata/RHSA-2016:1425

access.redhat.com/security/updates/classification/#moderate

bto.bluecoat.com/security-advisory/sa115

bugzilla.redhat.com/show_bug.cgi?id=1302587

security.gentoo.org/glsa/201606-06

support.apple.com/kb/HT212818

EPSS

0.871

Percentile

98.6%

Related for VERACODE:12093

nvd1 cve1 checkpoint_advisories1 debian3 debiancve1 prion1 openvas8 ubuntucve1 nginx1 nessus10 cvelist1 archlinux1 symantec1 mageia1 amazon1 altlinux1 f52 fedora2 freebsd1 ubuntu1 ibm2 redhat1 gentoo1 apple1