CVE-2013-2028

EPSS 87.5%

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.

Affected products

n/a · n/a

public PoCs found — 12

githubgithub.com/kitctf/nginxpwn★ 55 githubgithub.com/danghvu/nginx-1.4.0★ 30 githubgithub.com/m4drat/CVE-2013-2028-Exploit★ 19 githubgithub.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC★ 3 githubgithub.com/jptr218/nginxhack★ 1 githubgithub.com/xiw1ll/CVE-2013-2028_Checker★ 0 githubgithub.com/Sunqiz/CVE-2013-2028-reproduction★ 0 exploitdbwww.exploit-db.com/exploits/25499unverified exploitdbwww.exploit-db.com/exploits/25775unverified exploitdbwww.exploit-db.com/exploits/26737unverified exploitdbwww.exploit-db.com/exploits/32277unverified cve_referencepacketstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105176.html http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html http://nginx.org/download/patch.2013.chunked.txt http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html http://secunia.com/advisories/55181 http://security.gentoo.org/glsa/glsa-201310-04.xml https://github.com/rapid7/metasploit-framework/pull/1834 http://www.osvdb.org/93037 http://www.securityfocus.com/bid/59699 http://www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/