FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- a specially crafted request might result in worker process crash

Affected packages
1.4.0 <= nginx < 1.8.1_3,2
1.10.0,2 <= nginx < 1.10.1,2
1.3.9 <= nginx-devel < 1.9.15_1
1.10.0 <= nginx-devel < 1.11.1

Details

VuXML ID 36cf7670-2774-11e6-af29-f0def16c5c1b
Discovery 2016-05-31
Entry 2016-05-31
Modified 2016-06-05

Maxim Dounin reports:

A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file.

References

CVE Name CVE-2016-4450
URL http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html