CVE-2012-1180 — Use After Free in F5 Nginx

CWE-416 — Use After Free CWE-122 — Heap-based Buffer Overflow10 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

3.1%

top 13.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Nginx Debian Linux Fedoraproject Fedora

Timeline

PublishedApr 17

Latest updateMay 13

Description

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDf5/nginx0.1.0 — 1.0.14+1

▶Debianf5/nginx< 1.1.17-1+3

Also affects: Debian Linux 6.0, Fedora 15, 16, 17

Patches

Patch: nginx.org ↗Patch: nginx.org ↗Patch: trac.nginx.org ↗

🔴Vulnerability Details

GHSA

GHSA-3rf9-jvj9-2299: Use-after-free vulnerability in nginx before 1↗2022-05-13

▶

OSV

CVE-2012-1180: Use-after-free vulnerability in nginx before 1↗2012-04-17

▶

CVEList

CVE-2012-1180: Use-after-free vulnerability in nginx before 1↗2012-04-17

▶

📋Vendor Advisories

Red Hat

libxslt: Heap-buffer overflow caused by bad cast in XSL transforms↗2012-08-31

▶

Red Hat

libxslt: Use-after-free when processing an invalid XPath expression↗2012-08-31

▶

Debian

CVE-2012-1180: nginx - Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allo...↗2012

▶

💬Community

Bugzilla

CVE-2012-1180 nginx: malformed HTTP response headers leads to information leak↗2012-03-15

▶

Bugzilla

CVE-2012-1180 nginx: malformed HTTP response headers leads to information leak [epel-all]↗2012-03-15

▶

Bugzilla

CVE-2012-1180 nginx: malformed HTTP response headers leads to information leak [fedora-all]↗2012-03-15

▶