CVE-2017-20005

Updated: 2024-11-30 01:46:45.469199

Description:

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.5 |
| CVSS Version 3.x | CRITICAL | 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | nginx | 1.10.3 | 9.8 | CRITICAL | Released | CLSA-2021:1636378490 | 2022-05-05 12:02:14 | |
| CloudLinux 6 ELS | nginx | 1.10.3 | 9.8 | CRITICAL | Released | | 2021-11-08 09:50:06 | |
| Oracle Linux 6 ELS | nginx | 1.10.3 | 9.8 | CRITICAL | Released | CLSA-2021:1635427159 | 2021-11-02 21:02:48 | |
| Ubuntu 16.04 ELS | nginx | 1.10.3-0 | 9.8 | CRITICAL | Released | CLSA-2021:1635430310 | 2021-11-02 21:02:48 | |