{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-26T00:00:00", "descriptions": [{"lang": "en", "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-21T23:07:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2016:0371", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa115"}, {"name": "GLSA-201606-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201606-06"}, {"name": "1034869", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034869"}, {"name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"}, {"name": "RHSA-2016:1425", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2016:1425"}, {"name": "DSA-3473", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3473"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"}, {"name": "USN-2892-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2892-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212818"}, {"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/36"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-0742", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2016:0371", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"}, {"name": "https://bto.bluecoat.com/security-advisory/sa115", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa115"}, {"name": "GLSA-201606-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201606-06"}, {"name": "1034869", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034869"}, {"name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "refsource": "MLIST", "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"}, {"name": "RHSA-2016:1425", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2016:1425"}, {"name": "DSA-3473", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3473"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"}, {"name": "USN-2892-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2892-1"}, {"name": "https://support.apple.com/kb/HT212818", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212818"}, {"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/36"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:04.038Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2016:0371", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa115"}, {"name": "GLSA-201606-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201606-06"}, {"name": "1034869", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034869"}, {"name": "[nginx] 20160126 nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"}, {"name": "RHSA-2016:1425", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2016:1425"}, {"name": "DSA-3473", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3473"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"}, {"name": "USN-2892-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2892-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212818"}, {"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/36"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0742", "datePublished": "2016-02-15T19:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:04.038Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB42AA9F-E2F7-471C-AAC1-953469630349", "versionEndExcluding": "1.8.1", "versionStartIncluding": "0.6.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90F693D-8EEF-4222-B562-67629C7C72DF", "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB279F6B-EE4C-4885-9CD4-657F6BD2548F", "versionEndExcluding": "13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response."}, {"lang": "es", "value": "El traductor de direcciones en nginx en versiones anteriores a 1.8.1 y 1.9.x en versiones anteriores a 1.9.10 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (referencia a puntero no v\u00e1lido y ca\u00edda del proceso trabajador) a trav\u00e9s de una respuesta UDP DNS manipulada."}], "id": "CVE-2016-0742", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-15T19:59:00.107", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/36"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3473"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034869"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2892-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:1425"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa115"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201606-06"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212818"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3473"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2892-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2016:1425"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201606-06"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212818"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:1425", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nginx18-nginx-1:1.8.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-07-14T00:00:00Z"}, {"advisory": "RHSA-2016:1425", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nginx18-nginx-1:1.8.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-07-14T00:00:00Z"}, {"advisory": "RHSA-2016:1425", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-nginx18-nginx-1:1.8.1-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-07-14T00:00:00Z"}, {"advisory": "RHSA-2016:1425", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nginx18-nginx-1:1.8.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-07-14T00:00:00Z"}, {"advisory": "RHSA-2016:1425", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nginx18-nginx-1:1.8.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-07-14T00:00:00Z"}, {"advisory": "RHSA-2016:1425", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-nginx18-nginx-1:1.8.1-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-07-14T00:00:00Z"}], "bugzilla": {"description": "nginx: invalid pointer dereference in resolver", "id": "1302587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-125", "details": ["The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.", "It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration."], "name": "CVE-2016-0742", "package_state": [{"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Will not fix", "package_name": "nginx16-nginx", "product_name": "Red Hat Software Collections"}], "public_date": "2016-01-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-0742\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0742\nhttp://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"], "threat_severity": "Moderate"}