nginx security advisories

2023-12-01

All nginx security issues should be reported to security-alert@nginx.org.

Patches are signed using one of the PGP public keys.

  • Vulnerabilities with Windows directory aliases
    Severity: medium
    CVE-2011-4963
    Not vulnerable: 1.3.1+, 1.2.1+
    Vulnerable: nginx/Windows 0.7.52-1.3.0

  • Buffer overflow in the ngx_http_mp4_module
    Severity: major
    CVE-2012-2089
    Not vulnerable: 1.1.19+, 1.0.15+
    Vulnerable: 1.1.3-1.1.18, 1.0.7-1.0.14
    The patch, pgp

  • Memory disclosure with specially crafted backend responses
    Severity: major
    CVE-2012-1180
    Not vulnerable: 1.1.17+, 1.0.14+
    Vulnerable: 0.1.0-1.1.16
    The patch, pgp

  • Buffer overflow in resolver
    Severity: medium
    CVE-2011-4315
    Not vulnerable: 1.1.8+, 1.0.10+
    Vulnerable: 0.6.18-1.1.7

  • Vulnerabilities with invalid UTF-8 sequence on Windows
    Severity: major
    CVE-2010-2266
    Not vulnerable: 0.8.41+, 0.7.67+
    Vulnerable: nginx/Windows 0.7.52-0.8.40

  • Vulnerabilities with Windows file default stream
    Severity: major
    CVE-2010-2263
    Not vulnerable: 0.8.40+, 0.7.66+
    Vulnerable: nginx/Windows 0.7.52-0.8.39

  • Vulnerabilities with Windows 8.3 filename pseudonyms
    Severity: major
    CORE-2010-0121
    Not vulnerable: 0.8.33+, 0.7.65+
    Vulnerable: nginx/Windows 0.7.52-0.8.32

  • An error log data are not sanitized
    Severity: none
    CVE-2009-4487
    Not vulnerable: none
    Vulnerable: all

  • The renegotiation vulnerability in SSL protocol
    Severity: major
    VU#120541, CVE-2009-3555
    Not vulnerable: 0.8.23+, 0.7.64+
    Vulnerable: 0.1.0-0.8.22
    The patch, pgp

  • Directory traversal vulnerability
    Severity: minor
    CVE-2009-3898
    Not vulnerable: 0.8.17+, 0.7.63+
    Vulnerable: 0.1.0-0.8.16

  • Buffer underflow vulnerability
    Severity: major
    VU#180065, CVE-2009-2629
    Not vulnerable: 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.14
    The patch, pgp

  • Null pointer dereference vulnerability
    Severity: major
    CVE-2009-3896
    Not vulnerable: 0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.13
    The patch, pgp