Denial of service in NginX

Posted on Posted in NginX

Decription: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450).


Affected versions:

  • nginx 1.3.x
  • nginx 1.4.x
  • nginx 1.5.x
  • nginx 1.6.x
  • nginx 1.7.x
  • nginx 1.8.x
  • nginx 1.9.x
  • nginx 1.10.x
  • nginx 1.11.x

Recommended action:
Upgrade to the latest available NginX or apply patches if upgrade is not applicable.

Patch for nginx 1.9.13-1.11.0 can be found here:

Patch for older nginx versions (1.3.9 - 1.9.12):

Origin URLs:

  • Leave a Reply

    Your email address will not be published. Required fields are marked *