{"api_version":"1","generated_at":"2026-04-25T02:25:32+00:00","cve":"CVE-2017-7529","urls":{"html":"https://cve.report/CVE-2017-7529","api":"https://cve.report/api/cve/CVE-2017-7529.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-7529","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529"},"summary":{"title":"CVE-2017-7529","description":"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2017-07-13 13:29:00","updated_at":"2022-01-24 16:46:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2021/Sep/36","name":"20210921 APPLE-SA-2021-09-20-4 Xcode 13","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-2021-09-20-4 Xcode 13","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.securitytracker.com/id/1039238","name":"1039238","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"nginx Range Filter Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html","name":"[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)","refsource":"MLIST","tags":["Vendor Advisory"],"title":"[nginx-announce] nginx security advisory (CVE-2017-7529)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT212818","name":"https://support.apple.com/kb/HT212818","refsource":"CONFIRM","tags":[],"title":"About the security content of Xcode 13 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://puppet.com/security/cve/cve-2017-7529","name":"https://puppet.com/security/cve/cve-2017-7529","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"CVE-2017-7529 - Integer overflow in nginx | Puppet.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/99534","name":"99534","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2017:2538","name":"RHSA-2017:2538","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-7529","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apple","cpe5":"xcode","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"1.12.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"nginx","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"1.13.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"f5","cpe5":"nginx","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"1.12.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nginx","cpe5":"nginx","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"1.13.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"nginx","cpe5":"nginx","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"2017.1.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"puppet","cpe5":"puppet","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"2017.2.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"puppet","cpe5":"puppet","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"puppet","cpe5":"puppet_enterprise","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"puppet","cpe5":"puppet_enterprise","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"2017.1.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"puppet","cpe5":"puppet_enterprise","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"7529","vulnerable":"1","versionEndIncluding":"2017.2.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"puppet","cpe5":"puppet_enterprise","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-7529","qid":"375873","title":"Apple Xcode Prior to 13 Vulnerability (HT212818)"},{"cve":"CVE-2017-7529","qid":"500425","title":"Alpine Linux Security Update for nginx"},{"cve":"CVE-2017-7529","qid":"504184","title":"Alpine Linux Security Update for nginx"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","DATE_PUBLIC":"2017-07-11T00:00:00","ID":"CVE-2017-7529","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"nginx","version":{"version_data":[{"version_value":"0.5.6 - 1.13.2"}]}}]},"vendor_name":"nginx"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190"}]}]},"references":{"reference_data":[{"name":"[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)","refsource":"MLIST","url":"http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"},{"name":"RHSA-2017:2538","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2017:2538"},{"name":"99534","refsource":"BID","url":"http://www.securityfocus.com/bid/99534"},{"name":"1039238","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1039238"},{"name":"https://puppet.com/security/cve/cve-2017-7529","refsource":"CONFIRM","url":"https://puppet.com/security/cve/cve-2017-7529"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT212818","url":"https://support.apple.com/kb/HT212818"},{"refsource":"FULLDISC","name":"20210921 APPLE-SA-2021-09-20-4 Xcode 13","url":"http://seclists.org/fulldisclosure/2021/Sep/36"}]}},"nvd":{"publishedDate":"2017-07-13 13:29:00","lastModifiedDate":"2022-01-24 16:46:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","versionStartIncluding":"0.5.6","versionEndIncluding":"1.12.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","versionStartIncluding":"1.13.0","versionEndIncluding":"1.13.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionEndExcluding":"2016.4.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"2017.2.1","versionEndIncluding":"2017.2.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"2017.1.0","versionEndIncluding":"2017.1.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","versionEndExcluding":"13.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"7529","Ordinal":"104334","Title":"CVE-2017-7529","CVE":"CVE-2017-7529","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"7529","Ordinal":"1","NoteData":"Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"7529","Ordinal":"2","NoteData":"2017-07-13","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"7529","Ordinal":"3","NoteData":"2021-09-21","Type":"Other","Title":"Modified"}]}}}