CVE-2017-7529
Description
Nginx versions 0.5.6 through 1.13.2 are vulnerable to an integer overflow in the nginx range filter module, which can leak potentially sensitive information when triggered by a specially crafted request.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
91.909
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Nginx to 9.1.19 | Windows |
| Update Nginx to 9.1.5 | Windows |
| Update Nginx to 9.1.8 | Windows |
| Update Nginx to 9.2.14 | Windows |
| Update Nginx to 9.2.19 | Windows |
| Update Nginx to 9.2.3 | Windows |
| Update Nginx to 9.2.7 | Windows |
| Update Nginx to 9.3.10 | Windows |
| Update Nginx to 9.3.15 | Windows |
| Update Nginx to 9.3.17 | Windows |
| small, powerful, scalable web/proxy server (USN-2892-1) nginx-naxsi_1.4.6-1ubuntu3.9_amd64.deb | Linux |
| small, powerful, scalable web/proxy server (USN-2892-1) nginx-naxsi_1.4.6-1ubuntu3.9_i386.deb | Linux |
| Nginx 1.4.6-1ubuntu3.7 for Ubuntu 14.04 LTS (x64) nginx_1.4.6-1ubuntu3.8_all.deb | Linux |
| Nginx 1.10.3-1ubuntu3 for Ubuntu 17.04 (x64) nginx_1.10.3-1ubuntu3.1_all.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-core_1.10.3-1ubuntu3.1_i386.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-core_1.10.3-1ubuntu3.1_amd64.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-full_1.10.3-1ubuntu3.1_i386.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-full_1.10.3-1ubuntu3.1_amd64.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-light_1.10.3-1ubuntu3.1_i386.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-light_1.10.3-1ubuntu3.1_amd64.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-common_1.10.3-1ubuntu3.1_all.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-extras_1.10.3-1ubuntu3.1_i386.deb | Linux |
| small, powerful, scalable web/proxy server (USN-3352-1) nginx-extras_1.10.3-1ubuntu3.1_amd64.deb | Linux |
| Update Nginx to 9.1.19 (For Linux) | Linux |
| Update Nginx to 9.1.5 (For Linux) | Linux |
| Update Nginx to 9.1.8 (For Linux) | Linux |
| Update Nginx to 9.2.14 (For Linux) | Linux |
| Update Nginx to 9.2.19 (For Linux) | Linux |
| Update Nginx to 9.2.3 (For Linux) | Linux |
| Update Nginx to 9.2.7 (For Linux) | Linux |
| Update Nginx to 9.3.10 (For Linux) | Linux |
| Update Nginx to 9.3.15 (For Linux) | Linux |
| Update Nginx to 9.3.17 (For Linux) | Linux |
| Integer Overflow or Wraparound Vulnerability (CVE-2017-7529) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234