First published: Fri Feb 08 2019
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NGINX Unit | >=0.3, <1.7.1 | |
The severity of CVE-2019-7401 is critical.
CVE-2019-7401 may result in a denial of service (router process crash) or possibly have unspecified other impact.
NGINX Unit versions from 0.3 up to, but not including, 1.7.1 are affected by CVE-2019-7401.
An attacker can exploit CVE-2019-7401 by sending a specially crafted request to the NGINX Unit router process, causing a heap-based buffer overflow.
NGINX Unit version 1.7.1 includes a fix for CVE-2019-7401. It is recommended to update to this version to mitigate the vulnerability.