High severity7.8NVD Advisory· Published May 7, 2020· Updated Jun 17, 2026
CVE-2020-5895
CVE-2020-5895
Description
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket.
Affected products
2- NGINX/Controllerdescription
- Range: 3.1.0-3.3.0
Patches
Vulnerability mechanics
References
2- support.f5.com/csp/article/K95120415nvdVendor Advisory
- security.netapp.com/advisory/ntap-20200522-0001/nvd
News mentions
0No linked articles in our index yet.