[FREEBSD:EFAA4071-B700-11E2-B1B9-F0DEF16C5C1B] nginx -- multiple vulnerabilities

Severity High

Affected Packages 2

CVEs 2

The nginx project reports:

A stack-based buffer overflow might occur in a worker process
  process while handling a specially crafted request, potentially
  resulting in arbitrary code execution. [CVE-2013-2028]
A security problem related to CVE-2013-2028 was identified,
  affecting some previous nginx versions if proxy_pass to
  untrusted upstream HTTP servers is used.
The problem may lead to a denial of service or a disclosure of a
  worker process memory on a specially crafted response from an
  upstream proxied server. [CVE-2013-2070]

Package	Affected Version
pkg:freebsd/nginx-devel	< 1.5.0
pkg:freebsd/nginx	< 1.4.1,1

ID

FREEBSD:EFAA4071-B700-11E2-B1B9-F0DEF16C5C1B

Severity

high

Severity from

CVE-2013-2028

URL

http://vuxml.freebsd.org/freebsd/efaa4071-b700-11e2-b1b9-f0def16c5c1b.html

Published

2013-05-07T00:00:00
(11 years ago)

Modified

2013-05-07T00:00:00
(11 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html
FreeBSD VuXML			http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:freebsd/nginx-devel		nginx-devel	< 1.5.0
Affected	pkg:freebsd/nginx		nginx	< 1.4.1,1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date