CVE-2016-4450

os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file...

CVE-2016-4450

os/unix/ngxfiles.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service NULL pointer dereference and worker process crash via a crafted request, involving writing a client request body to a temporary file...

MGASA-2016-0216 Updated nginx packages fix CVE-2016-4450

Updated nginx package fixes security vulnerability: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a...

Updated nginx packages fix CVE-2016-4450

Updated nginx package fixes security vulnerability: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a...

Debian DSA-3592-1 : nginx - security update

It was discovered that a NULL pointer dereference in the Nginx code responsible for saving client request bodies to a temporary file might result in denial of service: Malformed requests could crash worker processes. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

CVE-2016-4450

A NULL pointer dereference flaw was found in the nginx code responsible for saving client request body to a temporary file. A remote attacker could send a specially crafted request that would cause nginx worker process to crash...

FreeBSD : nginx -- a specially crafted request might result in worker process crash (36cf7670-2774-11e6-af29-f0def16c5c1b)

Maxim Dounin reports : A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file. %NASLMINLEVEL 703...

CVE-2016-4555

A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process...

CVE-2016-2146

The amreadpostdata function in modauthmellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service worker process crash, web server deadlock, or memory consumption via a large amount of POST data...

Amazon Linux AMI : nginx (ALAS-2016-655)

It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its...

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service worker process crash or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing...

CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service worker process resource consumption via vectors related to arbitrary name resolution...

Debian DLA-404-1 : nginx security update

It was discovered that there was a invalid pointer deference in nginx, a small, powerful, scalable web/proxy server. An invalid pointer dereference might occur during DNS server response processing, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process...

nginx -- multiple vulnerabilities

Maxim Dounin reports: Several problems in nginx resolver were identified, which might allow an attacker to cause worker process crash, or might have potential other impact if the "resolver" directive is used in a configuration file...

CVE-2014-3199

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping...

UBUNTU-CVE-2014-3199

The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that trigger stopping...

nginx 1.5.10 SPDY Memory Corruption

According to the self-reported version in the server response header, the installed nginx version is 1.5.10. It is, therefore, affected by a memory corruption vulnerability. A flaw exists with the SPDY module implementation, where worker process memory could be corrupted via a specially crafted...

Internet Bug Bounty: SPDY heap buffer overflow

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem affects nginx 1.3.15 -...

FreeBSD : nginx -- SPDY heap buffer overflow (fc28df92-b233-11e3-99ca-f0def16c5c1b)

The nginx project reports : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...

Updated nginx package fixes security vulnerability

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133...