{"id":"CVE-2016-0746","details":"Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.","modified":"2026-04-16T01:40:33.763787947Z","published":"2016-02-15T19:59:01.157Z","related":["SUSE-SU-2016:1232-1","openSUSE-SU-2024:10044-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"},{"type":"ADVISORY","url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2021/Sep/36"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3473"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1034869"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2892-1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"type":"ADVISORY","url":"https://bto.bluecoat.com/security-advisory/sa115"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302588"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201606-06"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT212818"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302588"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302588"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2021/Sep/36"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nginx/nginx","events":[{"introduced":"94dcfa5fe1501f35d7f22ae6050e2965939480d6"},{"fixed":"0269c7a312bf754dcee68a36d055aea0989046f3"}]}],"versions":["release-1.9.0","release-1.9.1","release-1.9.2","release-1.9.3","release-1.9.4","release-1.9.5","release-1.9.6","release-1.9.7","release-1.9.8","release-1.9.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0746.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}