CVE-2017-20005
published 2021-06-06CVE-2017-20005: NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | nginx | < nginx 1.13.6-1 (bookworm) | nginx 1.13.6-1 (bookworm) |
| f5 | nginx | < 1.13.6 | 1.13.6 |
| f5 | nginx | >= 0 < 1.13.6-1 | 1.13.6-1 |
| f5 | nginx | >= 0 < 1.13.6-1 | 1.13.6-1 |
| f5 | nginx | >= 0 < 1.13.6-1 | 1.13.6-1 |
| f5 | nginx | >= 0 < 1.13.6-1 | 1.13.6-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL