CVE-2011-4315 — MEDIUM (6.8)

Q: How severe is CVE-2011-4315?

CVE-2011-4315 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-4315?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx, Fedoraproject Fedora, Suse Studio, Suse Studio Onsite, Suse Webyast.

Vulnerability Description

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
F5	Nginx	>= 0.6.18, < 1.0.10
Fedoraproject	Fedora	16
Suse	Studio	1.2
Suse	Studio Onsite	1.2
Suse	Webyast	1.2

Related Weaknesses (CWE)

CWE-787

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.hThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.htmlMailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/11/17/10Mailing ListPatchThird Party Advisory
http://openwall.com/lists/oss-security/2011/11/17/8Mailing ListPatchThird Party Advisory
http://secunia.com/advisories/47097Third Party Advisory
http://secunia.com/advisories/48577Third Party Advisory
http://security.gentoo.org/glsa/glsa-201203-22.xmlThird Party Advisory
http://trac.nginx.org/nginx/changeset/4268/nginxIssue TrackingPatchVendor Advisory
http://www.nginx.org/en/CHANGES-1.0Release NotesVendor Advisory
http://www.securityfocus.com/bid/50710Third Party AdvisoryVDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.hThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.htmlMailing ListThird Party Advisory
http://openwall.com/lists/oss-security/2011/11/17/10Mailing ListPatchThird Party Advisory
http://openwall.com/lists/oss-security/2011/11/17/8Mailing ListPatchThird Party Advisory
http://secunia.com/advisories/47097Third Party Advisory

FAQ

What is CVE-2011-4315?

CVE-2011-4315 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecif...

How severe is CVE-2011-4315?

CVE-2011-4315 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-4315?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx, Fedoraproject Fedora, Suse Studio, Suse Studio Onsite, Suse Webyast.