Description
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can send requests that with conditions beyond the attackers' control to cause a heap buffer over-read in the NGINX worker process, leading to limited disclosure of memory or a restart. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Problem types
Product status
R37 (custom) before *
R36 (custom) before R36 P4
R32 (custom) before R32 P6
1.31.0 (semver) before *
0.3.50 (semver) before 1.30.1
Credits
F5 acknowledges David Carlier, Zhenpeng (Leo) Lin of depthfirst, and GAO Liyou for bringing this issue to our attention and following the highest standards of coordinated disclosure.
References
my.f5.com/manage/s/article/K000161028