[NGINX:CVE-2013-2028] Stack-based buffer overflow with specially crafted request
Severity
Major
Affected Packages
1
Unaffected Packages
2
CVEs
1
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
Package | Affected Version |
---|---|
pkg:nginx/nginx | >= 1.3.9, <= 1.4.0 |
Package | Unaffected Version |
---|---|
pkg:nginx/nginx | >= 1.5.0 |
pkg:nginx/nginx | >= 1.4.1 |
- ID
- NGINX:CVE-2013-2028
- Severity
- major
- Published
-
2013-07-20T03:37:20
(11 years ago) - Modified
-
2013-07-20T03:37:20
(11 years ago) - Rights
- NGINX Security Team
- Other Advisories
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |