CVE-2016-0747: Uncontrolled Resource Consumption in F5 Nginx

Severity: 5.3 MEDIUM (NVD)
EPSS: 33.2% (top 3.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 15 | Latest update May 13

Description

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (4 packages)

NVD | f5/nginx | 0.6.18 - 1.8.1 | +1
Debian | f5/nginx | < 1.9.10-1 | +3
NVD | apple/xcode | < 13.0
NVD | opensuse/leap | 42.1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 15.10

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-769v-gfhq-g2w7: The resolver in nginx before 1 | 2022-05-13
CVEList | CVE-2016-0747: The resolver in nginx before 1 | 2016-02-15
OSV | CVE-2016-0747: The resolver in nginx before 1 | 2016-02-15
OSV | nginx vulnerabilities | 2016-02-09

📋 Vendor Advisories (4)

Apple | CVE-2016-0747: Xcode 13 | 2021-09-20
Ubuntu | nginx vulnerabilities | 2016-02-09
Red Hat | nginx: Insufficient limits of CNAME resolution in resolver | 2016-01-26
Debian | CVE-2016-0747: nginx - The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly lim... | 2016

💬 Community (5)

Bugzilla | CVE-2016-0747 nginx: Insufficient limits of CNAME resolution in resolver | 2016-01-28
Bugzilla | CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 nginx: various flaws [fedora-all] | 2016-01-28
Bugzilla | nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-5] | 2016-01-28
Bugzilla | nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-7] | 2016-01-27
Bugzilla | nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-6] | 2016-01-27