1. Home
  2. Vulnerabilities
  3. CVE-2013-2028

CVE-2013-2028

CVSS v2.0 7.5 (High)
75% Progress
EPSS 15.16 % (96th)
15.16% Progress
Affected Products 2
Advisories 5
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

Weaknesses
CWE-787
Out-of-bounds Write
Related CVEs
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2013-07-20 03:37:20
(11 years ago)
Updated Date
2021-11-10 15:59:33
(2 years ago)

Affected Products

F5

Fedoraproject

Configuration #1

    CPE23 From Up To
  F5 Nginx from 1.3.9 version and 1.4.0 and prior versions cpe:2.3:a:f5:nginx >= 1.3.9 <= 1.4.0

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 19 cpe:2.3:o:fedoraproject:fedora:19