[3.5] nginx: Integer overflow in nginx range filter module leading to memory disclosure (CVE-2017-7529)
An integer overflow vunlerability in nginx range filter module in
ngx_http_range_parse() function was found,
potentially resulting in memory disclosure when used with 3rd party
modules. Issue can be triggered by specially
crafted http range request resulting into leaking the content of the
cache file header.
Affected versions:
nginx 0.5.6 - 1.13.2.
Fixed In Version:
nginx 1.13.3, nginx 1.12.1
Reference:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Patch:
https://nginx.org/download/patch.2017.ranges.txt
(from redmine: issue id 7521, created on 2017-07-13, closed on 2017-07-14)
- Relations:
- parent #7518 (closed)