CVE-2017-7529

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

Published: Jul 13, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-7529
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
f5 / nginx	0.5.6	1.12.1.x
f5 / nginx	1.13.0	1.13.2.x
puppet / puppet_enterprise	-	2016.4.7
puppet / puppet_enterprise	2017.2.1	2017.2.3.x
puppet / puppet_enterprise	2017.1.0	2017.1.1.x
apple / xcode	-	13.0

http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
http://seclists.org/fulldisclosure/2021/Sep/36
http://www.securityfocus.com/bid/99534
http://www.securitytracker.com/id/1039238
https://access.redhat.com/errata/RHSA-2017:2538
https://puppet.com/security/cve/cve-2017-7529
https://support.apple.com/kb/HT212818

Vulnerability Database

289,599

CVE-2017-7529