CVEFinder.io

CVE-2017-20005

⛔ critical
🔍 Scan for this CVE
Summary

NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.

CVSS Score
9.8
Critical
EPSS Score
3.3
Exploit Probability
Published Date
2021-06-06
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.6% of all 335,187 vulnerabilities in our database.

#31,628
Top 10% most severe
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Dec 4, 2025
🔍 Exploitation Status
None
No known exploits
âš™ī¸ Automatable
YES
Can be exploited automatically
đŸ’Ĩ Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-12-05
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)

đŸ“Ļ Affected Products 2

🔗 References 6

http://nginx.org/en/CHANGES
Release Notes Vendor Advisory
https://trac.nginx.org/nginx/ticket/1368
Exploit Patch Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-14355 đŸ”ļ medium 5.6 0.3 In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algo... 2026-07-03
CVE-2026-56968 â„šī¸ low 3.7 0.2 GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could... 2026-06-23
CVE-2026-49975 âš ī¸ high 7.5 11.5 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service vi... 2026-06-08
CVE-2026-46333 âš ī¸ high 7.1 1.4 In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The ... 2026-05-15
CVE-2026-31431 âš ī¸ high 7.8 96.3 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla... 2026-04-22
CVE-2026-41082 âš ī¸ high 7.3 0.2 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. 2026-04-16
These CVEs affect the same products