Bug 1204615 - (CVE-2022-3638) VUL-0: CVE-2022-3638: nginx: memory leak for the "ipv4=off" case
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P5 - None
Severity: Normal
Assigned To: Felix Schnizlein
Security Team bot
https://smash.suse.de/issue/345993/
Reported: 2022-10-24 07:30 UTC by Thomas Leroy
Modified: 2022-10-24 07:31 UTC (History)
Found By: Security Response Team
Description Thomas Leroy 2022-10-24 07:30:15 UTC
CVE-2022-3638

A vulnerability was found in Nginx and classified as problematic. This issue
affects some unknown processing of the file ngx_resolver.c of the component IPv4
Off Handler. The manipulation leads to memory leak. The attack may be initiated
remotely. It is recommended to apply a patch to fix this issue. The identifier
VDB-211937 was assigned to this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3638
https://github.com/nginx/nginx/commit/14341ce2377d38a268261e0fec65b6915ae6e95e
https://www.cve.org/CVERecord?id=CVE-2022-3638
https://vuldb.com/?id.211937
http://hg.nginx.org/nginx/rev/0422365794f7
Comment 1 Thomas Leroy 2022-10-24 07:31:18 UTC
The commit introducing the leak is very recent and not shipped in our codestreams. Not affected, closing.