CVE-2017-7529: Integer Overflow
First published: Fri Jul 07 2017(Updated: )
An integer overflow vunlerability in nginx range filter module in ngx_http_range_parse() function was found, potentially resulting in memory disclosure when used with 3rd party modules. Issue can be triggered by specially crafted http range request resulting into leaking the content of the cache file header.
Credit: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2017-7529 CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 CVE-2019-20372 secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/nginx | <1.13.3 | 1.13.3 |
| redhat/nginx | <1.12.1 | 1.12.1 |
| F5 Nginx | >=0.5.6<=1.12.1 | |
| F5 Nginx | >=1.13.0<=1.13.2 | |
| Puppet Puppet Enterprise | <2016.4.7 | |
| Puppet Puppet Enterprise | >=2017.1.0<=2017.1.1 | |
| Puppet Puppet Enterprise | >=2017.2.1<=2017.2.3 | |
| Apple Xcode | <13.0 | |
| Apple Xcode | <13 | 13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212818 (Advisory)
- http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
- http://seclists.org/fulldisclosure/2021/Sep/36
- http://www.securityfocus.com/bid/99534
- http://www.securitytracker.com/id/1039238
- https://access.redhat.com/errata/RHSA-2017:2538
- https://puppet.com/security/cve/cve-2017-7529
- https://support.apple.com/kb/HT212818
- https://nginx.org/download/patch.2017.ranges.txt
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1469925
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1469924
- https://access.redhat.com/security/updates/classification/
- https://bugzilla.redhat.com/show_bug.cgi?id=1468584
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2017-7529?
CVE-2017-7529 is a vulnerability that affects IDE Xcode Server and was addressed by updating nginx to version 1.21.0.
How does CVE-2017-7529 affect Xcode Server?
CVE-2017-7529 affects Xcode Server by causing multiple issues that were resolved by updating nginx to version 1.21.0.
What should I do to fix CVE-2017-7529?
To fix CVE-2017-7529, you need to update nginx to version 1.21.0.
Where can I find more information about CVE-2017-7529?
You can find more information about CVE-2017-7529 on the Apple support website: https://support.apple.com/en-us/HT212818
- collector/nvd-index
- collector/apple-support
- alias/CVE-2016-0746
- alias/CVE-2016-0747
- alias/CVE-2017-7529
- alias/CVE-2018-16843
- alias/CVE-2018-16844
- alias/CVE-2018-16845
- alias/CVE-2019-20372
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/f5
- canonical/f5 nginx
- version/f5 nginx/0.5.6
- version/f5 nginx/1.12.1
- version/f5 nginx/1.13.0
- version/f5 nginx/1.13.2
- vendor/puppet
- canonical/puppet puppet enterprise
- version/puppet puppet enterprise/2017.1.0
- version/puppet puppet enterprise/2017.1.1
- version/puppet puppet enterprise/2017.2.1
- version/puppet puppet enterprise/2017.2.3
- vendor/apple
- canonical/apple xcode
- package-manager/redhat