The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Opensuse
  • Leap
Canonical
  • Ubuntu Linux
Redhat
  • Software Collections
Apple
  • Xcode
F5
  • Nginx
Debian
  • Debian Linux

Configuration 1 [-]

OR cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html Mailing List Third Party Advisory
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html Vendor Advisory
http://seclists.org/fulldisclosure/2021/Sep/36 Mailing List Third Party Advisory
http://www.debian.org/security/2016/dsa-3473 Third Party Advisory
http://www.securitytracker.com/id/1034869 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2892-1 Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1425 Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa115 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1302587 Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/201606-06 Third Party Advisory
https://support.apple.com/kb/HT212818 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-02-15T19:00:00

Updated: 2021-09-21T23:07:01

Reserved: 2015-12-16T00:00:00

Link: CVE-2016-0742

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2016-02-15T19:59:00.107

Modified: 2021-12-15T17:13:25.617

Link: CVE-2016-0742

JSON object: View

cve-icon Redhat Information

No data.

CWE