Integer overflow in nginx



Published: 2021-06-07 | Updated: 2023-05-31
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-20005
CWE-ID CWE-190
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
nginx
Server applications / Web servers

Vendor NGINX

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU76699

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-20005

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the ngx_gmtime() function when processing dates within the autoindex module. A remote attacker with the ability to pass a file to the server with a specially crafted timestamp with a year prior to 1970 and after the year 10000, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

nginx: 1.13.0 - 1.13.5

External links

http://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
http://trac.nginx.org/nginx/ticket/1368
http://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
http://nginx.org/en/CHANGES
http://lists.debian.org/debian-lts-announce/2021/06/msg00009.html
http://security.netapp.com/advisory/ntap-20210805-0006/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###