nginx Information for VU#180065

Nginx ngx_http_parse_complex_uri() buffer underflow vulnerability

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The author of nginx has published the following updated versions of the software to address this issue:

  • Development version: nginx-0.8.15, nginx/Windows-0.8.15, change log
  • Stable version: nginx-0.7.62, nginx/Windows-0.7.62, change log
  • Legacy stable version: nginx-0.6.39, change log
  • Legacy version: nginx-0.5.38, change log
Users of nginx from the original distribution are encouraged to upgrade to one of these versions (or newer, as appropriate). The author has also published a standalone patch to address this issue.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.