Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2028 — Out-of-bounds Write in F5 Nginx

CWE-787 — Out-of-bounds Write11 documents6 sources

Severity

7.5HIGHNVD

EPSS

93.0%

top 0.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

F5 Nginx Fedoraproject Fedora

Timeline

PublishedJul 20

Latest updateMay 13

Description

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDf5/nginx1.3.9 — 1.4.0

Also affects: Fedora 19

Patches

Patch: mailman.nginx.org ↗Patch: nginx.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-68mc-8233-5xrw: The ngx_http_parse_chunked function in http/ngx_http_parse↗2022-05-13

▶

CVEList

CVE-2013-2028: The ngx_http_parse_chunked function in http/ngx_http_parse↗2013-07-18

▶

💥Exploits & PoCs

Exploit-DB

Nginx 1.4.0 (Generic Linux x64) - Remote Overflow↗2014-03-15

▶

Exploit-DB

Nginx 1.3.9/1.4.0 (x86) - Brute Force↗2013-07-11

▶

Exploit-DB

Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit)↗2013-05-28

▶

Exploit-DB

Nginx 1.3.9 < 1.4.0 - Denial of Service (PoC)↗2013-05-17

▶

📋Vendor Advisories

Debian

CVE-2013-2028: nginx - The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 thro...↗2013

▶

💬Community

Bugzilla

CVE-2013-2070 nginx: denial of service or memory disclosure when using proxy_pass↗2013-05-13

▶

Bugzilla

CVE-2013-2028 nginx: Stack-based buffer overflow when handling certain chunked transfer encoding requests [fedora-rawhide]↗2013-05-07

▶

Bugzilla

CVE-2013-2028 nginx: Stack-based buffer overflow when handling certain chunked transfer encoding requests↗2013-05-07

▶