NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic, the ignore_invalid_headers directive is set to off, and the large_client_header_buffers directive size is larger than 2 megabytes. A remote, unauthenticated attacker, along with conditions beyond their control, could send large headers while creating an upstream request. This may cause a heap-based buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XF5 Dos
APPF54.9.0F5 nginx App Protect Dos
APPF54.3.0 – 4.7.0F5 nginx App Protect Waf
APPF54.10.0 – 4.16.05.2.0 – 5.8.0F5 nginx Gateway Fabric
APPF52.0.0 – 2.6.4 (bez)1.3.0 – 1.6.2F5 nginx Ingress Controller
APPF54.0.04.0.13.5.0 – 3.7.25.0.0 – 5.5.1 (bez)F5 nginx Instance Manager
APPF52.17.0 – 2.22.0F5 nginx Open Source
APPF51.31.11.30.0 – 1.30.3 (bez)F5 nginx Plus
APPF5r3r30r31r32r33r34r35r3637.0.0 – 37.0.1F5 Waf
APPF54.8.15.9.0 – 5.13.1
Related vulnerabilities
NGINX Open Source has a vulnerability in the ngx_http_v3_module module. When NGINX Open Source is configured t...
Heap buffer overflow w NGINX w module ngx_http_rewrite_module (RCE)
NGINX heap buffer overflow w module ngx_http_rewrite_module (RCE/restart)
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in...
When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to...