{"id":"CVE-2016-4450","details":"os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.","modified":"2026-04-16T06:21:54.871779998Z","published":"2016-06-07T14:06:14.200Z","related":["SUSE-SU-2017:0190-1","openSUSE-SU-2017:0361-1","openSUSE-SU-2017:0362-1","openSUSE-SU-2024:10044-1"],"references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036019"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2991-1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201606-06"},{"type":"ADVISORY","url":"http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3592"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/90967"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nginx/nginx","events":[{"introduced":"ea235785cd3caec4cf50c61a514fbed3c21f7c6e"},{"fixed":"e32426747fa56ab92dd6b5432ee57c912413e46a"},{"introduced":"0"},{"last_affected":"f694e2afd3bdf9d9fc159cac94276330905cff39"}],"database_specific":{"versions":[{"introduced":"1.3.9"},{"fixed":"1.10.1"},{"introduced":"0"},{"last_affected":"1.11.0"}]}}],"versions":["release-1.10.0","release-1.11.0","release-1.3.10","release-1.3.11","release-1.3.12","release-1.3.13","release-1.3.14","release-1.3.15","release-1.3.16","release-1.3.9","release-1.4.0","release-1.5.0","release-1.5.1","release-1.5.10","release-1.5.11","release-1.5.12","release-1.5.13","release-1.5.2","release-1.5.3","release-1.5.4","release-1.5.5","release-1.5.6","release-1.5.7","release-1.5.8","release-1.5.9","release-1.7.0","release-1.7.1","release-1.7.10","release-1.7.11","release-1.7.12","release-1.7.2","release-1.7.3","release-1.7.4","release-1.7.5","release-1.7.6","release-1.7.7","release-1.7.8","release-1.7.9","release-1.9.0","release-1.9.1","release-1.9.10","release-1.9.11","release-1.9.12","release-1.9.13","release-1.9.14","release-1.9.15","release-1.9.2","release-1.9.3","release-1.9.4","release-1.9.5","release-1.9.6","release-1.9.7","release-1.9.8","release-1.9.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.10"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4450.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}