alibaba/tengine
Releases62
Frequency2 months 1 week
Last Release
Stars13.3K
A distribution of Nginx with some advanced features
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| — | 7.5 HIGH | — | ||
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
| = 2.2.2 | 7.5 HIGH | — | ||
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. | ||||
| = 1.0 | 5.5 MEDIUM | 4.3 MEDIUM | ||
The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far. | ||||