CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

References

Affected packages

Git / github.com/nginx/nginx

Affected ranges

Type: GIT
Repo: https://github.com/nginx/nginx
Events: Introduced

cb1cdc7426ba5470197f1a1ca5e8fe485223e558

Fixed

759af1a42404d87a2ba51dc94e902b7a5ea5491e

Affected versions

release-0.*

release-0.6.18

release-0.6.19

release-0.6.20

release-0.6.21

release-0.6.22

release-0.6.23

release-0.6.24

release-0.6.25

release-0.6.26

release-0.6.27

release-0.6.28

release-0.6.29

release-0.6.30

release-0.6.31

release-0.7.0

release-0.7.1

release-0.7.10

release-0.7.11

release-0.7.12

release-0.7.13

release-0.7.14

release-0.7.15

release-0.7.16

release-0.7.17

release-0.7.18

release-0.7.19

release-0.7.2

release-0.7.20

release-0.7.21

release-0.7.22

release-0.7.23

release-0.7.24

release-0.7.25

release-0.7.26

release-0.7.27

release-0.7.28

release-0.7.29

release-0.7.3

release-0.7.30

release-0.7.31

release-0.7.32

release-0.7.33

release-0.7.34

release-0.7.35

release-0.7.36

release-0.7.37

release-0.7.38

release-0.7.39

release-0.7.4

release-0.7.40

release-0.7.41

release-0.7.42

release-0.7.43

release-0.7.44

release-0.7.45

release-0.7.46

release-0.7.47

release-0.7.48

release-0.7.49

release-0.7.5

release-0.7.50

release-0.7.51

release-0.7.52

release-0.7.53

release-0.7.54

release-0.7.55

release-0.7.56

release-0.7.57

release-0.7.58

release-0.7.59

release-0.7.6

release-0.7.7

release-0.7.8

release-0.7.9

release-0.8.0

release-0.8.1

release-0.8.10

release-0.8.11

release-0.8.12

release-0.8.13

release-0.8.14

release-0.8.15

release-0.8.16

release-0.8.17

release-0.8.18

release-0.8.19

release-0.8.2

release-0.8.20

release-0.8.21

release-0.8.22

release-0.8.23

release-0.8.24

release-0.8.25

release-0.8.26

release-0.8.27

release-0.8.28

release-0.8.29

release-0.8.3

release-0.8.30

release-0.8.31

release-0.8.32

release-0.8.33

release-0.8.34

release-0.8.35

release-0.8.36

release-0.8.37

release-0.8.38

release-0.8.39

release-0.8.4

release-0.8.40

release-0.8.41

release-0.8.42

release-0.8.43

release-0.8.44

release-0.8.45

release-0.8.46

release-0.8.47

release-0.8.48

release-0.8.49

release-0.8.5

release-0.8.50

release-0.8.51

release-0.8.52

release-0.8.53

release-0.8.6

release-0.8.7

release-0.8.8

release-0.8.9

release-0.9.0

release-0.9.1

release-0.9.2

release-0.9.3

release-0.9.4

release-0.9.5

release-0.9.6

release-0.9.7

release-1.*

release-1.0.0

release-1.0.1

release-1.0.2

release-1.0.3

release-1.0.4

release-1.0.5

release-1.1.0

release-1.1.1

release-1.1.10

release-1.1.11

release-1.1.12

release-1.1.13

release-1.1.14

release-1.1.15

release-1.1.16

release-1.1.17

release-1.1.18

release-1.1.19

release-1.1.2

release-1.1.3

release-1.1.4

release-1.1.5

release-1.1.6

release-1.1.7

release-1.1.8

release-1.1.9

release-1.2.0

release-1.3.0

release-1.3.1

release-1.3.10

release-1.3.11

release-1.3.12

release-1.3.13

release-1.3.14

release-1.3.15

release-1.3.16

release-1.3.2

release-1.3.3

release-1.3.4

release-1.3.5

release-1.3.6

release-1.3.7

release-1.3.8

release-1.3.9

release-1.4.0

release-1.5.0

release-1.5.1

release-1.5.10

release-1.5.11

release-1.5.12

release-1.5.13

release-1.5.2

release-1.5.3

release-1.5.4

release-1.5.5

release-1.5.6

release-1.5.7

release-1.5.8

release-1.5.9

release-1.7.0

release-1.7.1

release-1.7.10

release-1.7.11

release-1.7.12

release-1.7.2

release-1.7.3

release-1.7.4

release-1.7.5

release-1.7.6

release-1.7.7

release-1.7.8

release-1.7.9

release-1.8.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0747.json"