CVE-2011-4315

Name: CVE-2011-4315
Creator: NVD / NIST
Published: 2011-12-08T20:55:01+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 6.07%

Last modified Jun 16, 2026

CVE-2011-4315 is a vulnerability of currently unknown severity. Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.. EPSS estimates a 6.07% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

Metrics

EPSS Probability

6.07%

92.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
F5	Nginx	>= 0.6.18, < 1.0.10
F5	Nginx	>= 1.1.0, <= 1.1.7
Fedoraproject	Fedora	16
Suse	Studio	1.2
Suse	Studio Onsite	1.2
Suse	Webyast	1.2

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.htmlMailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2011/11/17/10Mailing List, Patch, Third Party Advisory
http://openwall.com/lists/oss-security/2011/11/17/8Mailing List, Patch, Third Party Advisory
http://secunia.com/advisories/47097Third Party Advisory
http://secunia.com/advisories/48577Third Party Advisory
http://security.gentoo.org/glsa/glsa-201203-22.xmlThird Party Advisory
http://trac.nginx.org/nginx/changeset/4268/nginxIssue Tracking, Patch, Vendor Advisory
http://www.nginx.org/en/CHANGES-1.0Release Notes, Vendor Advisory
http://www.securityfocus.com/bid/50710Third Party Advisory, VDB Entry
http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070569.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00005.htmlMailing List, Third Party Advisory
http://openwall.com/lists/oss-security/2011/11/17/10Mailing List, Patch, Third Party Advisory
http://openwall.com/lists/oss-security/2011/11/17/8Mailing List, Patch, Third Party Advisory
http://secunia.com/advisories/47097Third Party Advisory
http://secunia.com/advisories/48577Third Party Advisory
http://security.gentoo.org/glsa/glsa-201203-22.xmlThird Party Advisory
http://trac.nginx.org/nginx/changeset/4268/nginxIssue Tracking, Patch, Vendor Advisory
http://www.nginx.org/en/CHANGES-1.0Release Notes, Vendor Advisory
http://www.securityfocus.com/bid/50710Third Party Advisory, VDB Entry

Timeline

Published: Dec 8, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-4315?

How severe is CVE-2011-4315?

Severity scoring for CVE-2011-4315 is pending analysis. The EPSS model estimates a 6.07% probability of exploitation in the next 30 days.

How do I fix CVE-2011-4315?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-4315?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST