Nginx SPDY缓冲区溢出漏洞

CVE ID:CVE-2014-0133 Nginx是HTTP及反向代理服务器，同时也用作邮件代理服务器，由Igor Sysoev编写。 nginx SPDY实现存在基于堆的缓冲区溢出，允许攻击者利用漏洞提交特殊的请求使应用程序崩溃或执行任意代码。 0 nginx 1.3.15 nginx 1.5.x nginx 1.5.12, 1.4.7版本已修复该漏洞，建议用户下载使用： http://www.manageengine.com/products/opstor/...

CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

DEBIAN-CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

Heap overflow

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request...

CVE-2014-0133

CVE-2014-0133 describes a heap-based buffer overflow in the SPDY implementation of nginx. The vulnerability affects nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12, where crafted requests can cause a remote code execution. The root cause is in the SPDY module (ngx_http_spdy_module) handling use...

Amazon Linux AMI : nginx (ALAS-2014-308)

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon...

Internet Bug Bounty: SPDY heap buffer overflow

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem affects nginx 1.3.15 -...

Internet Bug Bounty: SPDY memory corruption

A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0088. The problem only affects nginx 1.5.10 on 32-bit platforms,...

Important: nginx

Issue Overview: Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. Affected Packages: nginx Issue Correction: Run yum update nginx or yum update --advisory ALAS-2014-30...

FreeBSD : nginx -- SPDY heap buffer overflow (fc28df92-b233-11e3-99ca-f0def16c5c1b)

The nginx project reports : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...

FreeBSD : nginx-devel -- SPDY heap buffer overflow (da4b89ad-b28f-11e3-99ca-f0def16c5c1b)

The nginx project reports : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...

MGASA-2014-0136 Updated nginx package fixes security vulnerability

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133...

Updated nginx package fixes security vulnerability

A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133...

Security fix for the ALT Linux 9 package nginx version 1.4.7-alt1

March 19, 2014 Denis Smirnov 1.4.7-alt1 - 1.4.7 - CVE-2014-0133...

nginx -- SPDY heap buffer overflow

The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...

nginx-devel -- SPDY heap buffer overflow

The nginx project reports: A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution CVE-2014-0133. The problem...