CVE-2016-4450: Null Pointer Dereference
First published: Wed Jun 01 2016(Updated: )
A vulnerability was found in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file. External references: <a href="http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html">http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html</a> Upstream patches: [nginx 1.9.13 - 1.11.0] <a href="http://nginx.org/download/patch.2016.write.txt">http://nginx.org/download/patch.2016.write.txt</a> [nginx 1.3.9 - 1.9.12] <a href="http://nginx.org/download/patch.2016.write2.txt">http://nginx.org/download/patch.2016.write2.txt</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/nginx | <1.11.1 | 1.11.1 |
| redhat/nginx | <1.10.1 | 1.10.1 |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| Ubuntu | =16.04 | |
| F5 NGINX App Protect | >=1.3.9<1.10.1 | |
| F5 NGINX App Protect | =1.11.0 | |
| Debian | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html
- http://www.debian.org/security/2016/dsa-3592
- http://www.securityfocus.com/bid/90967
- http://www.securitytracker.com/id/1036019
- http://www.ubuntu.com/usn/USN-2991-1
- https://access.redhat.com/errata/RHSA-2016:1425
- https://security.gentoo.org/glsa/201606-06
- http://nginx.org/download/patch.2016.write.txt
- http://nginx.org/download/patch.2016.write2.txt
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1341463
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1341464
- https://trac.nginx.org/nginx/ticket/981
- https://bugzilla.redhat.com/show_bug.cgi?id=1341462
Frequently Asked Questions
What is the severity of CVE-2016-4450?
CVE-2016-4450 has a high severity rating as it may cause worker process crashes.
How do I fix CVE-2016-4450?
To fix CVE-2016-4450, update nginx to version 1.11.1 or 1.10.1, or apply appropriate patches.
Which versions of nginx are affected by CVE-2016-4450?
CVE-2016-4450 affects nginx versions prior to 1.11.1 and 1.10.1.
What is the impact of exploiting CVE-2016-4450?
Exploiting CVE-2016-4450 can lead to a denial of service due to a crash of the nginx worker process.
On which operating systems does CVE-2016-4450 occur?
CVE-2016-4450 can occur on multiple operating systems including specific versions of Ubuntu, Debian, and Red Hat-based distributions.
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-4450
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/15.10
- version/ubuntu/16.04
- vendor/f5
- canonical/f5 nginx app protect
- version/f5 nginx app protect/1.3.9
- version/f5 nginx app protect/1.11.0
- vendor/debian
- canonical/debian
- version/debian/8.0