CVE-2016-0742

Published: 26 January 2016

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
nginx
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.10-1, 1.9.10, 1.8.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.9.10-0ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.4.6-1ubuntu3.4)
Patches:
Upstream: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3