CVE-2017-7529

CWE-190 — Integer Overflow13 documents10 sources

Severity

7.5HIGH

EPSS

92.9%

top 0.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Xcode Puppet Puppet Enterprise F5 Nginx +1 more

Timeline

PublishedJul 13

Latest updateMay 13

Description

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶Debiannginx< 1.13.3-1+3

▶NVDf5/nginx0.5.6 — 1.12.1+1

▶CVEListV5nginx/nginx0.5.6 - 1.13.2

▶NVDapple/xcode< 13.0

▶NVDpuppet/puppet_enterprise2017.1.0 — 2017.1.1+2

🔴Vulnerability Details

GHSA

GHSA-85mj-h68w-w736: Nginx versions since 0↗2022-05-13

▶

OSV

CVE-2017-7529: Nginx versions since 0↗2017-07-13

▶

CVEList

CVE-2017-7529: Nginx versions since 0↗2017-07-13

▶

📋Vendor Advisories

Apple

CVE-2017-7529: Xcode 13↗2021-09-20

▶

Ubuntu

nginx vulnerability↗2017-07-13

▶

Red Hat

nginx: Integer overflow in nginx range filter module leading to memory disclosure↗2017-07-11

▶

Debian

CVE-2017-7529: nginx - Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer ...↗2017

▶

💬Community

HackerOne

https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529↗2020-12-16

▶

HackerOne

Integer Overflow (CVE_2017_7529)↗2020-07-13

▶

Bugzilla

CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure [epel-all]↗2017-07-12

▶

Bugzilla

CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure [fedora-all]↗2017-07-12

▶

Bugzilla

CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure↗2017-07-07

▶