NGINX Makers of nginx server
Products by NGINX Sorted by Most Security Vulnerabilities since 2018
@nginx Tweets
Fri Oct 22 21:04:00 +0000 2021
Fri Oct 22 16:48:03 +0000 2021
Thu Oct 21 20:29:18 +0000 2021
Thu Oct 21 16:02:43 +0000 2021
Wed Oct 20 20:00:13 +0000 2021
By the Year
In 2021 there have been 2 vulnerabilities in NGINX with an average score of 9.6 out of ten. Last year NGINX had 5 security vulnerabilities published. Right now, NGINX is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 3.68.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2021 | 2 | 9.60 |
| 2020 | 5 | 5.92 |
| 2019 | 12 | 8.68 |
| 2018 | 3 | 7.03 |
It may take a day or so for new NGINX vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NGINX Security Vulnerabilities
NGINX before 1.13.6 has a buffer overflow for years
CVE-2017-20005
9.8 - Critical
- June 06, 2021
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
Integer Overflow or Wraparound
A security issue in nginx resolver was identified, which might
CVE-2021-23017
9.4 - Critical
- June 01, 2021
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
off-by-five
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c
CVE-2020-24349
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
Improper Input Validation
njs through 0.4.3
CVE-2020-24348
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
Out-of-bounds Read
njs through 0.4.3
CVE-2020-24347
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
Out-of-bounds Read
njs through 0.4.3
CVE-2020-24346
7.8 - High
- August 13, 2020
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
Dangling pointer
NGINX before 1.17.7, with certain error_page configurations
CVE-2019-20372
5.3 - Medium
- January 09, 2020
NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.
HTTP Request Smuggling
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation
CVE-2019-9511
7.5 - High
- August 13, 2019
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
Allocation of Resources Without Limits or Throttling
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service
CVE-2019-9516
6.5 - Medium
- August 13, 2019
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.
Allocation of Resources Without Limits or Throttling
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service
CVE-2019-9513
7.5 - High
- August 13, 2019
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call
CVE-2019-13617
6.5 - Medium
- July 16, 2019
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
Out-of-bounds Read
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c
CVE-2019-13067
9.8 - Critical
- June 30, 2019
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
Out-of-bounds Read
njs through 0.3.1
CVE-2019-12206
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
Memory Corruption
njs through 0.3.1
CVE-2019-12207
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
Out-of-bounds Read
njs through 0.3.1
CVE-2019-12208
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
Memory Corruption
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c
CVE-2019-11838
9.8 - Critical
- May 09, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.
Memory Corruption
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c
CVE-2019-11839
9.8 - Critical
- May 09, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.
Memory Corruption
njs through 0.3.1
CVE-2019-11837
7.5 - High
- May 09, 2019
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.
Numeric Errors
NGINX Unit before 1.7.1 might
CVE-2019-7401
9.8 - Critical
- February 08, 2019
NGINX Unit before 1.7.1 might allow an attacker to cause a heap-based buffer overflow in the router process with a specially crafted request. This may result in a denial of service (router process crash) or possibly have unspecified other impact.
Memory Corruption
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption
CVE-2018-16843
7.5 - High
- November 07, 2018
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.
Resource Exhaustion