Red Hat Bugzilla – Bug 1468584
CVE-2017-7529 nginx: Integer overflow in nginx range filter module leading to memory disclosure
Last modified: 2017-08-29 05:03:02 EDT
An integer overflow vulnerability was found in the nginx range filter module, in the ngx_http_range_parse() function, potentially resulting in memory disclosure when used with 3rd party modules. The issue can be triggered by a specially crafted HTTP range request, resulting in leaking the content of the cache file header.
Name: the Nginx project
Created nginx tracking bugs for this issue:
Affects: epel-all [bug 1469925]
Affects: fedora-all [bug 1469924]
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS
Via RHSA-2017:2538 https://access.redhat.com/errata/RHSA-2017:2538