[NGINX:CVE-2013-2028] Stack-based buffer overflow with specially crafted request
Severity
Major
Affected Packages
1
Unaffected Packages
2
CVEs
1
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
| Package | Affected Version |
|---|---|
 pkg:nginx/nginx
|
>= 1.3.9, <= 1.4.0 |
| Package | Unaffected Version |
|---|---|
|
pkg:nginx/nginx
|
>= 1.5.0 |
|
pkg:nginx/nginx
|
>= 1.4.1 |
- ID
- NGINX:CVE-2013-2028
- Severity
- major
- Published
-
2013-07-20T03:37:20
(11 years ago) - Modified
-
2013-07-20T03:37:20
(11 years ago) - Rights
- NGINX Security Team
- Other Advisories
FEDORA-2013-7560
FREEBSD:EFAA4071-B700-11E2-B1B9-F0DEF16C5C1B
GLSA-201310-04| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |