Launchpad CVE tracker

CVE 2016-4450

os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.

Related bugs and status

CVE-2016-4450 (Candidate) is related to these bugs:

Bug #1587577: [CVE-2016-4450] NULL pointer dereference while writing client request body

		In	Importance	Status
1587577	[CVE-2016-4450] NULL pointer dereference while writing client request body	nginx (Ubuntu)	Undecided	Fix Released
1587577	[CVE-2016-4450] NULL pointer dereference while writing client request body	nginx (Ubuntu Yakkety)	Undecided	Fix Released
1587577	[CVE-2016-4450] NULL pointer dereference while writing client request body	nginx (Ubuntu Vivid)	Undecided	Won't Fix
1587577	[CVE-2016-4450] NULL pointer dereference while writing client request body	nginx (Ubuntu Trusty)	Undecided	Fix Released
1587577	[CVE-2016-4450] NULL pointer dereference while writing client request body	nginx (Ubuntu Xenial)	Undecided	Fix Released
1587577	[CVE-2016-4450] NULL pointer dereference while writing client request body	nginx (Ubuntu Wily)	Undecided	Fix Released
1587577	[CVE-2016-4450] NULL pointer dereference while writing client request body	nginx (Debian)	Unknown	Fix Released

Bug #1663937: [SRU] Please update nginx in Xenial and Yakkety to 1.10.3

		In	Importance	Status
1663937	[SRU] Please update nginx in Xenial and Yakkety to 1.10.3	nginx (Ubuntu)	Wishlist	Fix Released
1663937	[SRU] Please update nginx in Xenial and Yakkety to 1.10.3	nginx (Ubuntu Xenial)	Wishlist	Fix Released
1663937	[SRU] Please update nginx in Xenial and Yakkety to 1.10.3	nginx (Ubuntu Yakkety)	Wishlist	Fix Committed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2016-4450

References