Vulnerability Details CVE-2019-7401
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://hg.nginx.org/unit/file/tip/CHANGES
- http://mailman.nginx.org/pipermail/unit/2019-February/000113.html
- http://unit.nginx.org/CHANGES.txt
- http://www.securityfocus.com/bid/106956
- http://hg.nginx.org/unit/file/tip/CHANGES
- http://mailman.nginx.org/pipermail/unit/2019-February/000113.html
- http://unit.nginx.org/CHANGES.txt
- http://www.securityfocus.com/bid/106956
Products affected by CVE-2019-7401
-
cpe:2.3:a:f5:nginx_unit:0.3
-
cpe:2.3:a:f5:nginx_unit:0.4
-
cpe:2.3:a:f5:nginx_unit:0.5
-
cpe:2.3:a:f5:nginx_unit:0.6
-
cpe:2.3:a:f5:nginx_unit:0.7
-
cpe:2.3:a:f5:nginx_unit:1.0
-
cpe:2.3:a:f5:nginx_unit:1.1
-
cpe:2.3:a:f5:nginx_unit:1.2
-
cpe:2.3:a:f5:nginx_unit:1.3
-
cpe:2.3:a:f5:nginx_unit:1.4
-
cpe:2.3:a:f5:nginx_unit:1.5
-
cpe:2.3:a:f5:nginx_unit:1.6
-
cpe:2.3:a:f5:nginx_unit:1.7