[FREEBSD:DA4B89AD-B28F-11E3-99CA-F0DEF16C5C1B] nginx-devel -- SPDY heap buffer overflow
Severity: High
Affected Packages: 1
CVEs: 1
The nginx project reports:

A bug in the experimental SPDY implementation in nginx was found, which
might allow an attacker to cause a heap memory buffer overflow in a
worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).

The problem affects nginx 1.3.15 - 1.5.11, compiled with the
ngx_http_spdy_module module (which is not compiled by default) and
without --with-debug configure option, if the "spdy" option of the
"listen" directive is used in a configuration file.

The problem is fixed in nginx 1.5.12, 1.4.7.
Package | Affected Version |
---|---|
pkg:freebsd/nginx-devel | < 1.5.12 |
- ID: FREEBSD:DA4B89AD-B28F-11E3-99CA-F0DEF16C5C1B
- Severity: high
- Severity from: CVE-2014-0133
- URL: http://vuxml.freebsd.org/freebsd/da4b89ad-b28f-11e3-99ca-f0def16c5c1b.html
- Published: 2014-03-18T00:00:00
- Modified: 2014-03-23T00:00:00
- Rights: FreeBSD VuXML Security Team

Other Advisories
Source | ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/nginx-devel | | nginx-devel | < 1.5.12 | | | |