CVE-2017-7529 (retired)

Priority
Description
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to an
integer overflow in the nginx range filter module, resulting in a leak of
potentially sensitive information triggered by a specially crafted
request.
Notes
 sbeattie> from the nginx announcement, the following configuration can
be used as a temporary workaround:
      max_ranges 1;
Package
Source: nginx (LP Ubuntu Debian)
Upstream: released (1.12.1, 1.13.3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (1.10.3-0ubuntu0.16.04.2)
Patches:
Upstream: http://nginx.org/download/patch.2017.ranges.txt
Upstream: https://trac.nginx.org/nginx/changeset?old=7058&old_path=nginx%2Fsrc&new=1adc6b0d5eaa3bddd6bb1ef7b78b9511d536f14e&new_path=nginx%2Fsrc

Updated: 2019-08-23 09:18:49 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)