CVE-2016-0742

CWE-476 — NULL Pointer Dereference CWE-125 — Out-of-bounds Read14 documents9 sources

Severity

7.5HIGH

EPSS

80.4%

top 0.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode F5 Nginx Canonical Ubuntu Linux +3 more

Timeline

PublishedFeb 15

Latest updateMay 13

Description

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶NVDf5/nginx0.6.18 — 1.8.1+1

▶Debiannginx< 1.9.10-1+3

▶Ubuntunginx< 1.4.6-1ubuntu3.4

▶NVDapple/xcode< 13.0

▶NVDopensuse/leap42.1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 15.10

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-x98p-wfj9-8f25: The resolver in nginx before 1↗2022-05-13

▶

OSV

CVE-2016-0742: The resolver in nginx before 1↗2016-02-15

▶

CVEList

CVE-2016-0742: The resolver in nginx before 1↗2016-02-15

▶

OSV

nginx vulnerabilities↗2016-02-09

▶

📋Vendor Advisories

Apple

CVE-2016-0742: Xcode 13↗2021-09-20

▶

Ubuntu

nginx vulnerabilities↗2016-02-09

▶

Red Hat

nginx: invalid pointer dereference in resolver↗2016-01-26

▶

Debian

CVE-2016-0742: nginx - The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attacke...↗2016

▶

💬Community

Bugzilla

CVE-2016-0742 nginx: invalid pointer dereference in resolver↗2016-01-28

▶

Bugzilla

CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 nginx: various flaws [fedora-all]↗2016-01-28

▶

Bugzilla

nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-5]↗2016-01-28

▶

Bugzilla

nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-7]↗2016-01-27

▶

Bugzilla

nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-6]↗2016-01-27

▶