CVE-2017-7529

nginx: Integer overflow in nginx range filter module leading to memory disclosure

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

Las versiones desde la 0.5.6 hasta 1.13.2 incluyéndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el módulo filtro de rango de nginx, resultando en un filtrado de información potencialmente confidencial activada por una petición especialmente creada.

A flaw within the processing of ranged HTTP requests has been discovered in the range filter module of nginx. A remote attacker could possibly exploit this flaw to disclose parts of the cache file header, or, if used in combination with third party modules, disclose potentially sensitive memory by sending specially crafted HTTP requests.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-04-05 CVE Reserved
2017-07-13 CVE Published
2017-07-21 First Exploit
2023-10-17 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (17)

URL	Tag	Source
http://seclists.org/fulldisclosure/2021/Sep/36	Mailing List
http://www.securityfocus.com/bid/99534	Third Party Advisory
http://www.securitytracker.com/id/1039238	Third Party Advisory
https://puppet.com/security/cve/cve-2017-7529	Third Party Advisory
https://support.apple.com/kb/HT212818	Third Party Advisory

URL	Date	SRC
https://github.com/liusec/CVE-2017-7529	2017-07-21
https://github.com/MaxSecurity/CVE-2017-7529-POC	2019-06-06
https://github.com/Shehzadcyber/CVE-2017-7529	2022-07-18
https://github.com/SirEagIe/CVE-2017-7529	2024-04-25
https://github.com/cyberk1w1/CVE-2017-7529	2020-06-18
https://github.com/cyberharsh/nginx-CVE-2017-7529	2020-07-02
https://github.com/coolman6942o/-Exploit-CVE-2017-7529	2023-12-19
https://github.com/fu2x2000/CVE-2017-7529-Nginx---Remote-Integer-Overflow-Exploit	2021-09-01

URL	Date	SRC

URL	Date	SRC
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html	2022-01-24
https://access.redhat.com/errata/RHSA-2017:2538	2022-01-24
https://access.redhat.com/security/cve/CVE-2017-7529	2017-08-28
https://bugzilla.redhat.com/show_bug.cgi?id=1468584	2017-08-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
F5 Search vendor "F5"		Nginx Search vendor "F5" for product "Nginx"				>= 0.5.6 <= 1.12.1 Search vendor "F5" for product "Nginx" and version " >= 0.5.6 <= 1.12.1"		-		Affected
F5 Search vendor "F5"		Nginx Search vendor "F5" for product "Nginx"				>= 1.13.0 <= 1.13.2 Search vendor "F5" for product "Nginx" and version " >= 1.13.0 <= 1.13.2"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				< 2016.4.7 Search vendor "Puppet" for product "Puppet Enterprise" and version " < 2016.4.7"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				>= 2017.1.0 <= 2017.1.1 Search vendor "Puppet" for product "Puppet Enterprise" and version " >= 2017.1.0 <= 2017.1.1"		-		Affected
Puppet Search vendor "Puppet"		Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise"				>= 2017.2.1 <= 2017.2.3 Search vendor "Puppet" for product "Puppet Enterprise" and version " >= 2017.2.1 <= 2017.2.3"		-		Affected
Apple Search vendor "Apple"		Xcode Search vendor "Apple" for product "Xcode"				< 13.0 Search vendor "Apple" for product "Xcode" and version " < 13.0"		-		Affected