CVE-2011-4315

NameCVE-2011-4315
DescriptionHeap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nginx (PTS)bullseye1.18.0-6.1+deb11u3fixed
bullseye (security)1.18.0-6.1+deb11u5fixed
bookworm1.22.1-9+deb12u3fixed
trixie1.26.3-3+deb13u1fixed
forky, sid1.28.0-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nginxsourcesqueeze0.7.67-3+squeeze1
nginxsource(unstable)1.1.8-1low

Notes

[lenny] - nginx <no-dsa> (Minor issue)
http://trac.nginx.org/nginx/changeset/4268/nginx
Search for package or bug name: Reporting problems