NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Weakness
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nginx_plus | F5 | r32-p1 (including) | r32-p1 (including) |
| Nginx_plus | F5 | r32-p2 (including) | r32-p2 (including) |
| Nginx_plus | F5 | r32-p3 (including) | r32-p3 (including) |
| Nginx_plus | F5 | r32-p4 (including) | r32-p4 (including) |
| Nginx_plus | F5 | r33 (including) | r33 (including) |
| Nginx_plus | F5 | r33-p1 (including) | r33-p1 (including) |
| Nginx_plus | F5 | r33-p2 (including) | r33-p2 (including) |
| Nginx_plus | F5 | r33-p3 (including) | r33-p3 (including) |
| Nginx_plus | F5 | r34 (including) | r34 (including) |
| Nginx_plus | F5 | r34-p1 (including) | r34-p1 (including) |
| Nginx_plus | F5 | r34-p2 (including) | r34-p2 (including) |
| Nginx_plus | F5 | r35 (including) | r35 (including) |
| Nginx_plus | F5 | r35-p1 (including) | r35-p1 (including) |
| Nginx_plus | F5 | r36 (including) | r36 (including) |
| Nginx_plus | F5 | r36-p1 (including) | r36-p1 (including) |
| Nginx_plus | F5 | r36-p2 (including) | r36-p2 (including) |
| Red Hat Hardened Images | RedHat | nginx-main-1.30.0-1.hum1 | * |
| Nginx | Ubuntu | esm-infra-legacy/trusty | * |
| Nginx | Ubuntu | esm-infra-legacy/xenial | * |
| Nginx | Ubuntu | esm-infra/bionic | * |
| Nginx | Ubuntu | esm-infra/focal | * |
| Nginx | Ubuntu | esm-infra/xenial | * |
| Nginx | Ubuntu | jammy | * |
| Nginx | Ubuntu | noble | * |
| Nginx | Ubuntu | questing | * |
| Nginx | Ubuntu | upstream | * |