2 matches found
K95120415: NGINX Controller AVRD vulnerability CVE-2020-5895
Security Advisory Description AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault SIGSEGV by writing malformed messages to the...
CVE-2020-5895
CVE-2020-5895 affects NGINX Controller AVRD in versions 3.1.0–3.3.0, where AVRD sockets are world-readable and world-writable, allowing a local attacker to write arbitrary data and trigger a segmentation fault by sending malformed messages. Remediation: upgrade to 3.4.0 (per advisory) and/or depl...