CVE-2014-0088Improper Restriction of Operations within the Bounds of a Memory Buffer in F5 Nginx

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources
Severity
7.5HIGHNVD
EPSS
2.6%
top 14.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Nginx
Timeline
PublishedApr 29
Latest updateMay 13

Description

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Ubuntuf5/nginx< 1.4.6-1ubuntu3
NVDf5/nginx1.5.10

Patches

Patch: mailman.nginx.orgPatch: mailman.nginx.org

🔴Vulnerability Details

3
GHSA
GHSA-5w47-hrcw-f886: The SPDY implementation in the ngx_http_spdy_module module in nginx 12022-05-13
OSV
CVE-2014-0088: The SPDY implementation in the ngx_http_spdy_module module in nginx 12014-04-29
CVEList
CVE-2014-0088: The SPDY implementation in the ngx_http_spdy_module module in nginx 12014-04-29

📋Vendor Advisories

2
Red Hat
nginx: possible arbitrary code execution via SPDY implementation in 1.5.102014-03-04
Debian
CVE-2014-0088: nginx - The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 befor...2014

💬Community

2
HackerOne
SPDY memory corruption2014-03-24
Bugzilla
CVE-2014-0088 nginx: possible arbitrary code execution via SPDY implementation in 1.5.102014-03-04
CVE-2014-0088 — F5 Nginx vulnerability | cvebase