High severity7.5NVD Advisory· Published Jul 13, 2017· Updated May 13, 2026

CVE-2017-7529

Description

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

Affected products

Nginx/Nginxv5
Range: 0.5.6 - 1.13.2
Puppet (software)/Puppet Enterprise
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
Range: <2016.4.7
Apple Inc./Xcode
cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
Range: <13.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

mailman.nginx.org/pipermail/nginx-announce/2017/000200.htmlnvdVendor Advisory
seclists.org/fulldisclosure/2021/Sep/36nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/99534nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039238nvdThird Party AdvisoryVDB Entry
access.redhat.com/errata/RHSA-2017:2538nvdThird Party Advisory
puppet.com/security/cve/cve-2017-7529nvdThird Party Advisory
support.apple.com/kb/HT212818nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.074
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000