CVE-2014-0133 — Out-of-bounds Write in F5 Nginx

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow9 documents8 sources

Severity

7.5HIGHNVD

EPSS

20.9%

top 4.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Nginx Opensuse

Timeline

PublishedMar 28

Latest updateMay 13

Description

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDf5/nginx1.3.15 — 1.4.7+1

▶Debianf5/nginx< 1.4.7-1+3

▶NVDopensuse/opensuse13.1

🔴Vulnerability Details

GHSA

GHSA-m342-r7h7-vj42: Heap-based buffer overflow in the SPDY implementation in nginx 1↗2022-05-13

▶

OSV

CVE-2014-0133: Heap-based buffer overflow in the SPDY implementation in nginx 1↗2014-03-28

▶

CVEList

CVE-2014-0133: Heap-based buffer overflow in the SPDY implementation in nginx 1↗2014-03-28

▶

📋Vendor Advisories

Red Hat

nginx: heap-based buffer overflow in SPDY implementation↗2014-03-18

▶

Debian

CVE-2014-0133: nginx - Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4...↗2014

▶

💬Community

HackerOne

Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE↗2016-10-15

▶

HackerOne

SPDY heap buffer overflow↗2014-03-24

▶

Bugzilla

CVE-2014-0133 nginx: heap-based buffer overflow in SPDY implementation↗2014-03-19

▶