CVE-2017-7529 (retired)

Priority
Description
Nginx versions 0.5.6 through 1.13.2 (inclusive) are vulnerable to an
integer overflow in the nginx range filter module. A specially crafted
request can trigger it, resulting in a leak of potentially sensitive
information.
Notes
 sbeattie> from the nginx announcement, the following configuration can
  be used as a temporary workaround:
  max_ranges 1;
Package
Source: nginx (LP Ubuntu Debian)
Upstream: released (1.12.1, 1.13.3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): released (1.4.6-1ubuntu3.8)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.10.3-0ubuntu0.16.04.2)
Patches:
Upstream: http://nginx.org/download/patch.2017.ranges.txt
Upstream: https://trac.nginx.org/nginx/changeset?old=7058&old_path=nginx%2Fsrc&new=1adc6b0d5eaa3bddd6bb1ef7b78b9511d536f14e&new_path=nginx%2Fsrc

Updated: 2019-03-26 12:26:22 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)