Lucene search

FreeBSD89DB3B31-A4C3-11E3-978F-F0DEF16C5C1B

HistoryMar 04, 2014 - 12:00 a.m.

nginx -- SPDY memory corruption

2014-03-0400:00:00

vuxml.freebsd.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON

The nginx project reports:

A bug in the experimental SPDY implementation in nginx 1.5.10 was found,
which might allow an attacker to corrupt worker process memory by using
a specially crafted request, potentially resulting in arbitrary code
execution (CVE-2014-0088).
The problem only affects nginx 1.5.10 on 32-bit platforms, compiled with
the ngx_http_spdy_module module (which is not compiled by default), if
the “spdy” option of the “listen” directive is used in a configuration
file.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchnginx-devel= 1.5.10UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	nginx-devel	= 1.5.10	UNKNOWN

References

mailman.nginx.org/pipermail/nginx-announce/2014/000132.html

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON

Related for 89DB3B31-A4C3-11E3-978F-F0DEF16C5C1B