Your submission was sent successfully! Close

CVE-2016-0742

Published: 26 January 2016

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
nginx
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was needed)
trusty
Released (1.4.6-1ubuntu3.4)
upstream
Released (1.9.10-1, 1.9.10, 1.8.1)
vivid Ignored
(reached end-of-life)
wily
Released (1.9.3-1ubuntu1.1)
xenial
Released (1.9.10-0ubuntu1)
yakkety
Released (1.9.10-0ubuntu1)
zesty
Released (1.9.10-0ubuntu1)
Patches:
upstream: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3