CVE-2017-7529

NameCVE-2017-7529
DescriptionNginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1024-1, DSA-3908-1
Debian Bugs868109

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nginx (PTS)bullseye1.18.0-6.1+deb11u3fixed
bullseye (security)1.18.0-6.1+deb11u4fixed
bookworm1.22.1-9+deb12u2fixed
trixie1.26.3-2fixed
sid1.26.3-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nginxsourcewheezy1.2.1-2.2+wheezy4+deb7u1DLA-1024-1
nginxsourcejessie1.6.2-5+deb8u5DSA-3908-1
nginxsourcestretch1.10.3-1+deb9u1DSA-3908-1
nginxsource(unstable)1.13.3-1868109

Notes

http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Fixed in 1.13.3, 1.12.1.
Search for package or bug name: Reporting problems