NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the largeclientheader_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:f5:nginx_app_protect_dos:*:*:*:*:*:*:*:*"
],
"vendor_product": "f5:nginx_app_protect_dos",
"extracted_events": [
{
"introduced": "4.3.0"
},
{
"last_affected": "4.7.0"
}
],
"source": "CPE_RANGE"
},
{
"vendor_product": "f5:nginx_app_protect_waf",
"cpes": [
"cpe:2.3:a:f5:nginx_app_protect_waf:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "4.10.0"
},
{
"last_affected": "4.16.0"
},
{
"introduced": "5.2.0"
},
{
"last_affected": "5.8.0"
}
],
"source": "CPE_RANGE"
},
{
"vendor_product": "f5:nginx_instance_manager",
"cpes": [
"cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "2.17.0"
},
{
"last_affected": "2.22.0"
}
],
"source": "CPE_RANGE"
},
{
"cpes": [
"cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*"
],
"vendor_product": "f5:nginx_plus",
"extracted_events": [
{
"introduced": "37.0.0"
},
{
"last_affected": "37.0.1"
}
],
"source": "CPE_RANGE"
},
{
"vendor_product": "f5:waf",
"cpes": [
"cpe:2.3:a:f5:waf:*:*:*:*:*:nginx:*:*"
],
"extracted_events": [
{
"introduced": "5.9.0"
},
{
"last_affected": "5.13.1"
}
],
"source": "CPE_RANGE"
},
{
"vendor_product": "f5:dos",
"cpes": [
"cpe:2.3:a:f5:dos:4.9.0:*:*:*:*:nginx:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "4.9.0"
},
{
"last_affected": "4.9.0"
}
]
},
{
"vendor_product": "f5:nginx_ingress_controller",
"cpes": [
"cpe:2.3:a:f5:nginx_ingress_controller:4.0.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.0"
}
]
},
{
"vendor_product": "f5:nginx_plus",
"cpes": [
"cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r30:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r30:p2:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r31:p2:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r31:p3:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:p3:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r32:p4:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r33:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r33:p3:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r34:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r34:p2:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r35:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r35:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:-:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:p1:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:p2:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:p3:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:p4:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r36:p5:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_plus:r3:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "r3"
},
{
"last_affected": "r3"
},
{
"introduced": "r30-NA"
},
{
"last_affected": "r30-NA"
},
{
"introduced": "r30-p1"
},
{
"last_affected": "r30-p1"
},
{
"introduced": "r30-p2"
},
{
"last_affected": "r30-p2"
},
{
"introduced": "r31-NA"
},
{
"last_affected": "r31-NA"
},
{
"introduced": "r31-p1"
},
{
"last_affected": "r31-p1"
},
{
"introduced": "r31-p2"
},
{
"last_affected": "r31-p2"
},
{
"introduced": "r31-p3"
},
{
"last_affected": "r31-p3"
},
{
"introduced": "r32-NA"
},
{
"last_affected": "r32-NA"
},
{
"introduced": "r32-p1"
},
{
"last_affected": "r32-p1"
},
{
"introduced": "r32-p2"
},
{
"last_affected": "r32-p2"
},
{
"introduced": "r32-p3"
},
{
"last_affected": "r32-p3"
},
{
"introduced": "r32-p4"
},
{
"last_affected": "r32-p4"
},
{
"introduced": "r33-NA"
},
{
"last_affected": "r33-NA"
},
{
"introduced": "r33-p1"
},
{
"last_affected": "r33-p1"
},
{
"introduced": "r33-p2"
},
{
"last_affected": "r33-p2"
},
{
"introduced": "r33-p3"
},
{
"last_affected": "r33-p3"
},
{
"introduced": "r34-NA"
},
{
"last_affected": "r34-NA"
},
{
"introduced": "r34-p1"
},
{
"last_affected": "r34-p1"
},
{
"introduced": "r34-p2"
},
{
"last_affected": "r34-p2"
},
{
"introduced": "r35-NA"
},
{
"last_affected": "r35-NA"
},
{
"introduced": "r35-p1"
},
{
"last_affected": "r35-p1"
},
{
"introduced": "r36-NA"
},
{
"last_affected": "r36-NA"
},
{
"introduced": "r36-p1"
},
{
"last_affected": "r36-p1"
},
{
"introduced": "r36-p2"
},
{
"last_affected": "r36-p2"
},
{
"introduced": "r36-p3"
},
{
"last_affected": "r36-p3"
},
{
"introduced": "r36-p4"
},
{
"last_affected": "r36-p4"
},
{
"introduced": "r36-p5"
},
{
"last_affected": "r36-p5"
}
],
"source": "CPE_STRING"
},
{
"vendor_product": "f5:waf",
"cpes": [
"cpe:2.3:a:f5:waf:4.8.1:*:*:*:*:nginx:*:*"
],
"extracted_events": [
{
"introduced": "4.8.1"
},
{
"last_affected": "4.8.1"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": [
"cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_ingress_controller:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_ingress_controller:4.0.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "3.5.0"
},
{
"last_affected": "3.7.2"
},
{
"introduced": "5.0.0"
},
{
"fixed": "5.5.1"
},
{
"introduced": "4.0.0"
},
{
"last_affected": "4.0.0"
},
{
"introduced": "4.0.1"
},
{
"last_affected": "4.0.1"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"cpe": [
"cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*",
"cpe:2.3:a:f5:nginx_open_source:1.31.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.30.0"
},
{
"fixed": "1.30.3"
},
{
"introduced": "1.31.1"
},
{
"last_affected": "1.31.1"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}{
"cpe": "cpe:2.3:a:f5:nginx_gateway_fabric:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.3.0"
},
{
"last_affected": "1.6.2"
},
{
"introduced": "2.0.0"
},
{
"fixed": "2.6.4"
}
],
"source": "CPE_RANGE"
}