Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
nginx
GitHub Repository: nginx/nginx.org
 Path: blob/main/xml/en/security_advisories.xml
1 views
1
<!--

2
  Copyright (C) Igor Sysoev

3
  Copyright (C) Nginx, Inc.

4
  -->

5


6
<!DOCTYPE article SYSTEM "../../dtd/article.dtd">

7


8
<article name="nginx security advisories"

9
         link="/en/security_advisories.html"

10
         lang="en"

11
         rev="1">

12


13
<section>

14


15
<para>

16
All nginx security issues should be reported to

17
<link url="mailto:[email protected]">[email protected]</link>

18
or via one of the methods listed

19
<link url="https://github.com/nginx/nginx/blob/master/SECURITY.md">here</link>.

20
</para>

21


22
<para>

23
Patches are signed using one of the

24
<link doc="pgp_keys.xml">PGP public keys</link>.

25
</para>

26


27
<security>

28


29
<item name="Buffer overflow in the ngx_http_rewrite_module"

30
      severity="medium"

31
      advisory="https://my.f5.com/manage/s/article/K000161377"

32
      cve="2026-9256"

33
      good="1.31.1+, 1.30.2+"

34
      vulnerable="0.1.17-1.31.0">

35
</item>

36


37
<item name="HTTP/2 request injection in the ngx_http_proxy_module"

38
      severity="medium"

39
      advisory="https://my.f5.com/manage/s/article/K000161131"

40
      cve="2026-42926"

41
      good="1.31.0+, 1.30.1+"

42
      vulnerable="1.29.4-1.30.0">

43
</item>

44


45
<item name="Buffer overflow in the ngx_http_rewrite_module"

46
      severity="medium"

47
      advisory="https://my.f5.com/manage/s/article/K000161019"

48
      cve="2026-42945"

49
      good="1.31.0+, 1.30.1+"

50
      vulnerable="0.6.27-1.30.0">

51
</item>

52


53
<item name="Buffer overread in the ngx_http_scgi_module and ngx_http_uwsgi_module"

54
      severity="medium"

55
      advisory="https://my.f5.com/manage/s/article/K000161027"

56
      cve="2026-42946"

57
      good="1.31.0+, 1.30.1+"

58
      vulnerable="0.8.42-1.30.0">

59
</item>

60


61
<item name="Buffer overread in the ngx_http_charset_module"

62
      severity="low"

63
      advisory="https://my.f5.com/manage/s/article/K000161028"

64
      cve="2026-42934"

65
      good="1.31.0+, 1.30.1+"

66
      vulnerable="0.3.50-1.30.0">

67
</item>

68


69
<item name="HTTP/3 address spoofing"

70
      severity="medium"

71
      advisory="https://my.f5.com/manage/s/article/K000161068"

72
      cve="2026-40460"

73
      good="1.31.0+, 1.30.1+"

74
      vulnerable="1.25.0-1.30.0">

75
</item>

76


77
<item name="resolver use-after-free in OCSP"

78
      severity="medium"

79
      advisory="https://my.f5.com/manage/s/article/K000161021"

80
      cve="2026-40701"

81
      good="1.31.0+, 1.30.1+"

82
      vulnerable="1.19.0-1.30.0">

83
</item>

84


85
<item name="Buffer overflow in ngx_http_dav_module"

86
      severity="medium"

87
      advisory="https://my.f5.com/manage/s/article/K000160382"

88
      cve="2026-27654"

89
      good="1.29.7+, 1.28.3+"

90
      vulnerable="0.5.13-1.29.6">

91
</item>

92


93
<item name="Buffer overflow in the ngx_http_mp4_module"

94
      severity="medium"

95
      advisory="https://my.f5.com/manage/s/article/K000160364"

96
      cve="2026-27784"

97
      good="1.29.7+, 1.28.3+"

98
      vulnerable="1.1.19-1.29.6">

99
</item>

100


101
<item name="Buffer overflow in the ngx_http_mp4_module"

102
      severity="medium"

103
      advisory="https://my.f5.com/manage/s/article/K000160366"

104
      cve="2026-32647"

105
      good="1.29.7+, 1.28.3+"

106
      vulnerable="1.1.19-1.29.6">

107
</item>

108


109
<item name="NULL pointer dereference while using CRAM-MD5 or APOP"

110
      severity="low"

111
      advisory="https://my.f5.com/manage/s/article/K000160383"

112
      cve="2026-27651"

113
      good="1.29.7+, 1.28.3+"

114
      vulnerable="0.5.15-1.29.6">

115
</item>

116


117
<item name="Injection in auth_http and XCLIENT"

118
      severity="medium"

119
      advisory="https://my.f5.com/manage/s/article/K000160367"

120
      cve="2026-28753"

121
      good="1.29.7+, 1.28.3+"

122
      vulnerable="0.6.27-1.29.6">

123
</item>

124


125
<item name="OCSP result bypass in stream"

126
      severity="medium"

127
      advisory="https://my.f5.com/manage/s/article/K000160368"

128
      cve="2026-28755"

129
      good="1.29.7+, 1.28.3+"

130
      vulnerable="1.27.2-1.29.6">

131
</item>

132


133
<item name="SSL upstream injection"

134
      severity="medium"

135
      advisory="https://my.f5.com/manage/s/article/K000159824"

136
      cve="2026-1642"

137
      good="1.29.5+, 1.28.2+"

138
      vulnerable="1.3.0-1.29.4">

139
</item>

140


141
<item name="Buffer overread in the ngx_mail_smtp_module"

142
      severity="low"

143
      advisory="https://my.f5.com/manage/s/article/K000152786"

144
      cve="2025-53859"

145
      good="1.29.1+"

146
      vulnerable="0.7.22-1.29.0">

147
</item>

148


149
<item name="SSL session reuse vulnerability"

150
      severity="medium"

151
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html"

152
      cve="2025-23419"

153
      good="1.27.4+, 1.26.3+"

154
      vulnerable="1.11.4-1.27.3">

155
</item>

156


157
<item name="Buffer overread in the ngx_http_mp4_module"

158
      severity="low"

159
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html"

160
      cve="2024-7347"

161
      good="1.27.1+, 1.26.2+"

162
      vulnerable="1.5.13-1.27.0">

163
<patch name="patch.2024.mp4.txt" />

164
</item>

165


166
<item name="Buffer overwrite in HTTP/3"

167
      severity="medium"

168
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html"

169
      cve="2024-32760"

170
      good="1.27.0+, 1.26.1+"

171
      vulnerable="1.25.0-1.25.5, 1.26.0">

172
</item>

173


174
<item name="Stack overflow and use-after-free in HTTP/3"

175
      severity="medium"

176
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html"

177
      cve="2024-31079"

178
      good="1.27.0+, 1.26.1+"

179
      vulnerable="1.25.0-1.25.5, 1.26.0">

180
</item>

181


182
<item name="NULL pointer dereference in HTTP/3"

183
      severity="medium"

184
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html"

185
      cve="2024-35200"

186
      good="1.27.0+, 1.26.1+"

187
      vulnerable="1.25.0-1.25.5, 1.26.0">

188
</item>

189


190
<item name="Memory disclosure in HTTP/3"

191
      severity="medium"

192
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2024/GMY32CSHFH6VFTN76HJNX7WNEX4RLHF6.html"

193
      cve="2024-34161"

194
      good="1.27.0+, 1.26.1+"

195
      vulnerable="1.25.0-1.25.5, 1.26.0">

196
</item>

197


198
<item name="NULL pointer dereference in HTTP/3"

199
      severity="major"

200
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html"

201
      cve="2024-24989"

202
      good="1.25.4+"

203
      vulnerable="1.25.3">

204
</item>

205


206
<item name="Use-after-free in HTTP/3"

207
      severity="major"

208
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2024/NW6MNW34VZ6HDIHH5YFBIJYZJN7FGNAV.html"

209
      cve="2024-24990"

210
      good="1.25.4+"

211
      vulnerable="1.25.0-1.25.3">

212
</item>

213


214
<item name="Memory corruption in the ngx_http_mp4_module"

215
      severity="medium"

216
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"

217
      cve="2022-41741"

218
      good="1.23.2+, 1.22.1+"

219
      vulnerable="1.1.3-1.23.1, 1.0.7-1.0.15">

220
<patch name="patch.2022.mp4.txt" />

221
</item>

222


223
<item name="Memory disclosure in the ngx_http_mp4_module"

224
      severity="medium"

225
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"

226
      cve="2022-41742"

227
      good="1.23.2+, 1.22.1+"

228
      vulnerable="1.1.3-1.23.1, 1.0.7-1.0.15">

229
<patch name="patch.2022.mp4.txt" />

230
</item>

231


232
<item name="1-byte memory overwrite in resolver"

233
      severity="medium"

234
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"

235
      cve="2021-23017"

236
      good="1.21.0+, 1.20.1+"

237
      vulnerable="0.6.18-1.20.0">

238
<patch name="patch.2021.resolver.txt" />

239
</item>

240


241
<item name="Excessive CPU usage in HTTP/2 with small window updates"

242
      severity="medium"

243
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"

244
      cve="2019-9511"

245
      good="1.17.3+, 1.16.1+"

246
      vulnerable="1.9.5-1.17.2">

247
</item>

248


249
<item name="Excessive CPU usage in HTTP/2 with priority changes"

250
      severity="low"

251
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"

252
      cve="2019-9513"

253
      good="1.17.3+, 1.16.1+"

254
      vulnerable="1.9.5-1.17.2">

255
</item>

256


257
<item name="Excessive memory usage in HTTP/2 with zero length headers"

258
      severity="low"

259
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"

260
      cve="2019-9516"

261
      good="1.17.3+, 1.16.1+"

262
      vulnerable="1.9.5-1.17.2">

263
</item>

264


265
<item name="Excessive memory usage in HTTP/2"

266
      severity="low"

267
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"

268
      cve="2018-16843"

269
      good="1.15.6+, 1.14.1+"

270
      vulnerable="1.9.5-1.15.5">

271
</item>

272


273
<item name="Excessive CPU usage in HTTP/2"

274
      severity="low"

275
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"

276
      cve="2018-16844"

277
      good="1.15.6+, 1.14.1+"

278
      vulnerable="1.9.5-1.15.5">

279
</item>

280


281
<item name="Memory disclosure in the ngx_http_mp4_module"

282
      severity="medium"

283
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"

284
      cve="2018-16845"

285
      good="1.15.6+, 1.14.1+"

286
      vulnerable="1.1.3-1.15.5, 1.0.7-1.0.15">

287
<patch name="patch.2018.mp4.txt" />

288
</item>

289


290
<item name="Integer overflow in the range filter"

291
      severity="medium"

292
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"

293
      cve="2017-7529"

294
      good="1.13.3+, 1.12.1+"

295
      vulnerable="0.5.6-1.13.2">

296
<patch name="patch.2017.ranges.txt" />

297
</item>

298


299
<item name="NULL pointer dereference while writing client request body"

300
      severity="medium"

301
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"

302
      cve="2016-4450"

303
      good="1.11.1+, 1.10.1+"

304
      vulnerable="1.3.9-1.11.0">

305
<patch name="patch.2016.write.txt" versions="1.9.13-1.11.0" />

306
<patch name="patch.2016.write2.txt" versions="1.3.9-1.9.12" />

307
</item>

308


309
<item name="Invalid pointer dereference in resolver"

310
      severity="medium"

311
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"

312
      cve="2016-0742"

313
      good="1.9.10+, 1.8.1+"

314
      vulnerable="0.6.18-1.9.9" />

315


316
<item name="Use-after-free during CNAME response processing in resolver"

317
      severity="medium"

318
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"

319
      cve="2016-0746"

320
      good="1.9.10+, 1.8.1+"

321
      vulnerable="0.6.18-1.9.9" />

322


323
<item name="Insufficient limits of CNAME resolution in resolver"

324
      severity="medium"

325
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"

326
      cve="2016-0747"

327
      good="1.9.10+, 1.8.1+"

328
      vulnerable="0.6.18-1.9.9" />

329


330
<item name="SSL session reuse vulnerability"

331
      severity="medium"

332
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"

333
      cve="2014-3616"

334
      good="1.7.5+, 1.6.2+"

335
      vulnerable="0.5.6-1.7.4">

336
</item>

337


338
<item name="STARTTLS command injection"

339
      severity="medium"

340
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"

341
      cve="2014-3556"

342
      good="1.7.4+, 1.6.1+"

343
      vulnerable="1.5.6-1.7.3">

344
<patch name="patch.2014.starttls.txt" />

345
</item>

346


347
<item name="SPDY heap buffer overflow"

348
      severity="major"

349
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"

350
      cve="2014-0133"

351
      good="1.5.12+, 1.4.7+"

352
      vulnerable="1.3.15-1.5.11">

353
<patch name="patch.2014.spdy2.txt" />

354
</item>

355


356
<item name="SPDY memory corruption"

357
      severity="major"

358
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"

359
      cve="2014-0088"

360
      good="1.5.11+"

361
      vulnerable="1.5.10">

362
<patch name="patch.2014.spdy.txt" />

363
</item>

364


365
<item name="Request line parsing vulnerability"

366
      severity="medium"

367
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"

368
      cve="2013-4547"

369
      good="1.5.7+, 1.4.4+"

370
      vulnerable="0.8.41-1.5.6">

371
<patch name="patch.2013.space.txt" />

372
</item>

373


374
<item name="Memory disclosure with specially crafted HTTP backend responses"

375
      severity="medium"

376
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"

377
      cve="2013-2070"

378
      good="1.5.0+, 1.4.1+, 1.2.9+"

379
      vulnerable="1.1.4-1.2.8, 1.3.9-1.4.0">

380
<patch name="patch.2013.chunked.txt" versions="1.3.9-1.4.0" />

381
<patch name="patch.2013.proxy.txt" versions="1.1.4-1.2.8" />

382
</item>

383


384
<item name="Stack-based buffer overflow with specially crafted request"

385
      severity="major"

386
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"

387
      cve="2013-2028"

388
      good="1.5.0+, 1.4.1+"

389
      vulnerable="1.3.9-1.4.0">

390
<patch name="patch.2013.chunked.txt" />

391
</item>

392


393
<item name="Vulnerabilities with Windows directory aliases"

394
      severity="medium"

395
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html"

396
      cve="2011-4963"

397
      good="1.3.1+, 1.2.1+"

398
      vulnerable="nginx/Windows 0.7.52-1.3.0" />

399


400
<item name="Buffer overflow in the ngx_http_mp4_module"

401
      severity="major"

402
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html"

403
      cve="2012-2089"

404
      good="1.1.19+, 1.0.15+"

405
      vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14">

406
<patch name="patch.2012.mp4.txt" />

407
</item>

408


409
<item name="Memory disclosure with specially crafted backend responses"

410
      severity="major"

411
      advisory="https://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html"

412
      cve="2012-1180"

413
      good="1.1.17+, 1.0.14+"

414
      vulnerable="0.1.0-1.1.16">

415
<patch name="patch.2012.memory.txt" />

416
</item>

417


418
<item name="Buffer overflow in resolver"

419
      severity="medium"

420
      cve="2011-4315"

421
      good="1.1.8+, 1.0.10+"

422
      vulnerable="0.6.18-1.1.7" />

423


424
<item name="Vulnerabilities with invalid UTF-8 sequence on Windows"

425
      severity="major"

426
      cve="2010-2266"

427
      good="0.8.41+, 0.7.67+"

428
      vulnerable="nginx/Windows 0.7.52-0.8.40" />

429


430
<item name="Vulnerabilities with Windows file default stream"

431
      severity="major"

432
      cve="2010-2263"

433
      good="0.8.40+, 0.7.66+"

434
      vulnerable="nginx/Windows 0.7.52-0.8.39" />

435


436
<item name="Vulnerabilities with Windows 8.3 filename pseudonyms"

437
      severity="major"

438
      core="CORE-2010-0121"

439
      href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities"

440
      good="0.8.33+, 0.7.65+"

441
      vulnerable="nginx/Windows 0.7.52-0.8.32" />

442


443
<item name="An error log data are not sanitized"

444
      severity="none"

445
      cve="2009-4487"

446
      good="none"

447
      vulnerable="all" />

448


449
<item name="The renegotiation vulnerability in SSL protocol"

450
      severity="major"

451
      cert="120541"

452
      cve="2009-3555"

453
      good="0.8.23+, 0.7.64+"

454
      vulnerable="0.1.0-0.8.22">

455
<patch name="patch.cve-2009-3555.txt" />

456
</item>

457


458
<item name="Directory traversal vulnerability"

459
      severity="minor"

460
      cve="2009-3898"

461
      good="0.8.17+, 0.7.63+"

462
      vulnerable="0.1.0-0.8.16" />

463


464
<item name="Buffer underflow vulnerability"

465
      severity="major"

466
      cert="180065"

467
      cve="2009-2629"

468
      good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+"

469
      vulnerable="0.1.0-0.8.14">

470
<patch name="patch.180065.txt" />

471
</item>

472


473
<item name="Null pointer dereference vulnerability"

474
      severity="major"

475
      cve="2009-3896"

476
      good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+"

477
      vulnerable="0.1.0-0.8.13">

478
<patch name="patch.null.pointer.txt" />

479
</item>

480


481
</security>

482


483
</section>

484


485
</article>

486


487