CVE-2017-7529

Impact: Low
Public Date: 2017-07-11
CWE: CWE-190
Bugzilla: 1468584: CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure

A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.
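
The flaw class named above (CWE-190 in byte-range arithmetic) can be closed off as in this added example, which is not from this advisory or from nginx's source: a range resolver that clamps suffix ranges and checks every addition. The names `byte_range`, `parse_num`, `resolve_range` and `total_range_size` are hypothetical, as is the policy of refusing totals larger than the body.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical names for illustration; this is not nginx code. */
typedef struct { int64_t start, end; } byte_range;   /* half-open [start, end) */

/* Parse decimal digits at *p, failing instead of wrapping past INT64_MAX. */
static int parse_num(const char **p, int64_t *v) {
    int64_t n = 0;
    if (**p < '0' || **p > '9') return -1;
    for (; **p >= '0' && **p <= '9'; (*p)++) {
        int d = **p - '0';
        if (n > (INT64_MAX - d) / 10) return -1;     /* n*10 + d would overflow */
        n = n * 10 + d;
    }
    *v = n;
    return 0;
}

/* Resolve "A-B", "A-" or "-N" against a body of len bytes; -1 if invalid. */
int resolve_range(const char *spec, int64_t len, byte_range *out) {
    const char *p = spec;
    int64_t a, b;
    if (len <= 0) return -1;
    if (*p == '-') {                                 /* suffix: last N bytes */
        p++;
        if (parse_num(&p, &a) || *p != '\0' || a == 0) return -1;
        out->start = (a < len) ? len - a : 0;        /* clamp; never negative */
        out->end = len;
        return 0;
    }
    if (parse_num(&p, &a) || *p++ != '-' || a >= len) return -1;
    if (*p == '\0') { out->start = a; out->end = len; return 0; }
    if (parse_num(&p, &b) || *p != '\0' || b < a) return -1;
    out->start = a;
    out->end = (b >= len - 1) ? len : b + 1;
    return 0;
}

/* Sum range sizes with checked addition; assumed policy: total must fit the body. */
int total_range_size(const byte_range *r, size_t n, int64_t len, int64_t *total) {
    int64_t sum = 0;
    for (size_t i = 0; i < n; i++) {
        int64_t sz = r[i].end - r[i].start;
        if (sz < 0 || sum > INT64_MAX - sz) return -1;
        sum += sz;
    }
    if (sum > len) return -1;
    *total = sum;
    return 0;
}
```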

Find out more about CVE-2017-7529 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

CVSS v3 metrics

CVSS3 Base Score: 5.3
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity Impact: None
Availability Impact: None

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-nginx110-nginx) | RHSA-2017:2538 | 2017-08-28
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-nginx110-nginx) | RHSA-2017:2538 | 2017-08-28

Affected Packages State

Platform | Package | State
Red Hat Software Collections for Red Hat Enterprise Linux | rh-nginx112-nginx | Not affected
Red Hat Software Collections for Red Hat Enterprise Linux | rh-nginx18-nginx | Will not fix

Acknowledgements

Red Hat would like to thank the Nginx project for reporting this issue.
