Unrated severityNVD Advisory· Published Dec 8, 2011· Updated Apr 29, 2026

CVE-2011-4315

Description

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

Affected products

SUSE S.A./Studio
cpe:2.3:a:suse:studio:1.2:*:*:*:standard:*:*:*
SUSE S.A./Studio Onsite
cpe:2.3:a:suse:studio_onsite:1.2:*:*:*:*:*:*:*
SUSE S.A./Webyast
cpe:2.3:a:suse:webyast:1.2:*:*:*:*:*:*:*
Fedoraproject/Fedora
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

openwall.com/lists/oss-security/2011/11/17/10nvdMailing ListPatchThird Party Advisory
openwall.com/lists/oss-security/2011/11/17/8nvdMailing ListPatchThird Party Advisory
trac.nginx.org/nginx/changeset/4268/nginxnvdIssue TrackingPatchVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.htmlnvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.htmlnvdMailing ListThird Party Advisory
secunia.com/advisories/47097nvdThird Party Advisory
secunia.com/advisories/48577nvdThird Party Advisory
security.gentoo.org/glsa/glsa-201203-22.xmlnvdThird Party Advisory
www.nginx.org/en/CHANGES-1.0nvdRelease NotesVendor Advisory
www.securityfocus.com/bid/50710nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000