Vulnerability Description
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Nginx Unit | >= 0.3, < 1.7.1 |
References
- http://hg.nginx.org/unit/file/tip/CHANGES (Release Notes, Vendor Advisory)
- http://mailman.nginx.org/pipermail/unit/2019-February/000113.html (Mailing List, Vendor Advisory)
- http://unit.nginx.org/CHANGES.txt (Release Notes, Vendor Advisory)
- http://www.securityfocus.com/bid/106956 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2019-7401?
CVE-2019-7401 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process cra...
How severe is CVE-2019-7401?
CVE-2019-7401 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7401?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Unit.