CVE-2014-0133

CVSS v2.0 7.5 (High)

EPSS 3.71 % (92^th)

Affected Products 2

Advisories 5

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

Weaknesses

CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-03-28 15:55:08
(10 years ago)
Updated Date: 2021-11-10 15:59:33
(2 years ago)

Affected Products

F5

Nginx

Opensuse

Opensuse

Configuration #1

	CPE23	From	Up To
F5 Nginx from 1.3.15 version and prior 1.4.7 version	cpe:2.3:a:f5:nginx	>= 1.3.15	< 1.4.7
F5 Nginx from 1.5.0 version and 1.5.11 and prior versions	cpe:2.3:a:f5:nginx	>= 1.5.0	<= 1.5.11
Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1

Configuration #2

		CPE23	From	Up To
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1