[3.6] nginx: Integer overflow in nginx range filter module leading to memory disclosure (CVE-2017-7529)ID: oval:org.secpod.oval:def:1800512 | Date: (C)2018-03-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
An integer overflow vulnerability in nginx range filter module in ngx_ function was found, potentially resulting in memory disclosure when used with 3rd party modules. Issue can be triggered by specially crafted http range request resulting into leaking the content of the cache file header. Affected versions: nginx 0.5.6 - 1.13.2. Fixed In Version: nginx 1.13.3, nginx 1.12.1 Reference: Patch:
Platform: |
Alpine Linux 3.6 |