Gentoo Linux Security Advisory GLSA 200909-18 - A buffer underflow vulnerability in the request URI processing of nginx might enable remote attackers to execute arbitrary code or cause a Denial of Service. Chris Ries reported a heap-based buffer underflow in the ngx_http_parse_complex_uri() function in http/ngx_http_parse.c when parsing the request URI. Versions less than 0.7.62 are affected.
3e186b6e8020ac6e5882ce73b38aedf1a23f65065e34c0d65c214ea8519421aaDebian Security Advisory 1884-1 - Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.
1419e6a12847d769f87454f95d9dcca030059bae87b601f27e6e4beb3aa3d9ca
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed