Buffer Overflow Vulnerability in NGINX Unit Software
CVE-2019-7401

9.8CRITICAL

Key Information:

Vendor

Nginx

Status
Unit
Vendor
CVE Published:
8 February 2019

What is CVE-2019-7401?

A heap-based buffer overflow vulnerability exists in NGINX Unit prior to version 1.7.1. This vulnerability can be exploited by an attacker sending specially crafted requests to the router process. The flaw may cause the router process to crash, resulting in a denial of service. Additionally, it may lead to other undefined impacts, raising concerns for security and stability in systems utilizing NGINX Unit.

References

http://unit.nginx.org/CHANGES.txt
x_refsource_MISC
http://mailman.nginx.org/pipermail/unit/2019-February/000...
x_refsource_MISC
http://hg.nginx.org/unit/file/tip/CHANGES
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.