Description

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.

Remediation

References

CVE-2016-0746

Related Vulnerabilities

Apache Traffic Server CVE-2024-31309 Vulnerability (CVE-2024-31309)

Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7848)

Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

Atlassian Jira CVE-2020-36237 Vulnerability (CVE-2020-36237)

Severity

Critical

Classification

CVE-2016-0746 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities