FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nginx -- multiple vulnerabilities

Affected packages
1.2.0,1 <= nginx <= 1.2.8,1
1.3.0,1 <= nginx < 1.4.1,1
1.1.4 <= nginx-devel <= 1.2.8
1.3.0 <= nginx-devel < 1.5.0


VuXML ID efaa4071-b700-11e2-b1b9-f0def16c5c1b
Discovery 2013-05-07
Entry 2013-05-07
Modified 2013-05-16

The nginx project reports:

A stack-based buffer overflow might occur in a worker process process while handling a specially crafted request, potentially resulting in arbitrary code execution. [CVE-2013-2028]

A security problem related to CVE-2013-2028 was identified, affecting some previous nginx versions if proxy_pass to untrusted upstream HTTP servers is used.

The problem may lead to a denial of service or a disclosure of a worker process memory on a specially crafted response from an upstream proxied server. [CVE-2013-2070]


CVE Name CVE-2013-2028
CVE Name CVE-2013-2070