CVE-2011-4315 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Nginx
Fedoraproject	Fedora
Suse	Studio Studio Onsite Webyast

Configuration 1 [-]

OR	cpe:2.3:a:f5:nginx::::::::
	cpe:2.3:a:f5:nginx::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:suse:studio:1.2::::standard:::
	cpe:2.3:a:suse:studio_onsite:1.2:::::::*
	cpe:2.3:a:suse:webyast:1.2:::::::*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html
http://openwall.com/lists/oss-security/2011/11/17/10
http://openwall.com/lists/oss-security/2011/11/17/8
http://secunia.com/advisories/47097
http://secunia.com/advisories/48577
http://security.gentoo.org/glsa/glsa-201203-22.xml
http://trac.nginx.org/nginx/changeset/4268/nginx
http://www.nginx.org/en/CHANGES-1.0
http://www.securityfocus.com/bid/50710

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-12-08T20:00:00

Updated: 2024-08-07T00:01:51.591Z

Reserved: 2011-11-04T00:00:00

Link: CVE-2011-4315

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-12-08T20:55:01.000

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4315

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-06-09T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20111117 Re: CVE Request: nginx resolver heap overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/11/17/10"}, {"name": "FEDORA-2011-16075", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html"}, {"name": "SUSE-SU-2011:1300", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.nginx.org/en/CHANGES-1.0"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"}, {"name": "[oss-security] 20111117 CVE Request: nginx resolver heap overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/11/17/8"}, {"name": "48577", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48577"}, {"name": "47097", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47097"}, {"name": "GLSA-201203-22", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"}, {"name": "50710", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50710"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:01:51.591Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20111117 Re: CVE Request: nginx resolver heap overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/11/17/10"}, {"name": "FEDORA-2011-16075", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html"}, {"name": "SUSE-SU-2011:1300", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.nginx.org/en/CHANGES-1.0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"}, {"name": "[oss-security] 20111117 CVE Request: nginx resolver heap overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/11/17/8"}, {"name": "48577", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48577"}, {"name": "47097", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47097"}, {"name": "GLSA-201203-22", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"}, {"name": "50710", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50710"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4315", "datePublished": "2011-12-08T20:00:00", "dateReserved": "2011-11-04T00:00:00", "dateUpdated": "2024-08-07T00:01:51.591Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F92F127-6CBE-43EE-9E40-3FA89656A225", "versionEndExcluding": "1.0.10", "versionStartIncluding": "0.6.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "67542E52-9201-4AC8-BB9E-0F93D7DC968C", "versionEndIncluding": "1.1.7", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:studio:1.2:*:*:*:standard:*:*:*", "matchCriteriaId": "234A6341-7A0E-42BB-A653-11064B6F110C", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:studio_onsite:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E523A94D-9ECA-43C2-B96F-0D2C77D3F952", "vulnerable": true}, {"criteria": "cpe:2.3:a:suse:webyast:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C3DB92F3-F16A-4304-AA90-DB5325814F6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en el procesamiento de compresi\u00f3n puntero en core/ngx_resolver.c en nginx antes de v1.0.10 permite a resolvers remotos causar una denegaci\u00f3n de servicio (ca\u00edda del demonio) o posiblemente tener un impacto no especificado a trav\u00e9s de una respuesta larga."}], "id": "CVE-2011-4315", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-08T20:55:01.000", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/11/17/10"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/11/17/8"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/47097"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/48577"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.nginx.org/en/CHANGES-1.0"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/50710"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/11/17/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/11/17/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/47097"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/48577"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://trac.nginx.org/nginx/changeset/4268/nginx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.nginx.org/en/CHANGES-1.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/50710"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}