Description

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

Remediation

References

CVE-2013-2028

Related Vulnerabilities

WordPress Plugin CP Contact Form with PayPal Cross-Site Scripting (1.2.98)

XWiki CVE-2023-48241 Vulnerability (CVE-2023-48241)

Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.18)

Nginx Other Vulnerability (CVE-2016-0742)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-29905)

Severity

High

Classification

CVE-2013-2028 CWE-787

Tags

Missing Update Known Vulnerabilities