CVE-2011-4315

CWE-787Out-of-bounds Write8 documents6 sources
Severity
6.8MEDIUM
EPSS
2.8%
top 13.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
F5 NginxFedoraproject FedoraSuse Studio+2 more
Timeline
PublishedDec 8
Latest updateMay 13

Description

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages5 packages

NVDf5/nginx0.6.181.0.10+1
Debiannginx< 1.1.8-1+3
NVDsuse/studio1.2
NVDsuse/webyast1.2

Also affects: Fedora 16

Patches

Patch: openwall.comPatch: openwall.comPatch: trac.nginx.org

🔴Vulnerability Details

3
GHSA
GHSA-v2v8-x9vm-wr66: Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver2022-05-13
OSV
CVE-2011-4315: Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver2011-12-08
CVEList
CVE-2011-4315: Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver2011-12-08

📋Vendor Advisories

1
Debian
CVE-2011-4315: nginx - Heap-based buffer overflow in compression-pointer processing in core/ngx_resolve...2011

💬Community

3
Bugzilla
CVE-2011-4315 nginx: heap overflow in ngx_resolver_copy()2011-11-17
Bugzilla
CVE-2011-4315 nginx: heap overflow in ngx_resolver_copy() [fedora-all]2011-11-17
Bugzilla
CVE-2011-4315 nginx: heap overflow in ngx_resolver_copy() [epel-all]2011-11-17
CVE-2011-4315 (MEDIUM CVSS 6.8) | Heap-based buffer overflow in compr | cvebase.io