Bug 2450776 (CVE-2026-27654)
| Summary: | CVE-2026-27654 NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngx_http_dav_module module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to the termination of the NGINX worker process, resulting in a Denial of Service (DoS), or allow for the modification of source or destination file names outside the intended document root.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2450849 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-03-24 15:01:44 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:6906 https://access.redhat.com/errata/RHSA-2026:6906 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:6907 https://access.redhat.com/errata/RHSA-2026:6907 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:6923 https://access.redhat.com/errata/RHSA-2026:6923 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:7002 https://access.redhat.com/errata/RHSA-2026:7002 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:7343 https://access.redhat.com/errata/RHSA-2026:7343 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:13634 https://access.redhat.com/errata/RHSA-2026:13634 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:13680 https://access.redhat.com/errata/RHSA-2026:13680 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:13839 https://access.redhat.com/errata/RHSA-2026:13839 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:14836 https://access.redhat.com/errata/RHSA-2026:14836 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:15942 https://access.redhat.com/errata/RHSA-2026:15942 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:15943 https://access.redhat.com/errata/RHSA-2026:15943 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:15945 https://access.redhat.com/errata/RHSA-2026:15945 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:15966 https://access.redhat.com/errata/RHSA-2026:15966 |