Integer overflow in nginx
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Integer overflow
EUVDB-ID: #VU76699
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-20005
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the ngx_gmtime() function when processing dates within the autoindex module. A remote attacker with the ability to pass a file to the server with a specially crafted timestamp with a year prior to 1970 and after the year 10000, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsnginx: 1.13.0 - 1.13.5
CPE2.3 External linkshttps://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b
https://trac.nginx.org/nginx/ticket/1368
https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf
https://nginx.org/en/CHANGES
https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html
https://security.netapp.com/advisory/ntap-20210805-0006/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
