Stack-based Buffer Overflow in ngx_http_parse_chunked function in nginx 1.3.9 through 1.4.0

CVE-2013-2028 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
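The bug class named in the description, as an added illustration that is not nginx source code and not part of the advisory: a hex chunk size accumulated without a range check wraps to a negative signed value, and a signed "min then cast" clamp turns that negative value into a huge read length for a fixed buffer. `parse_chunk_size`, `read_len_weak`, `read_len_safe` and `DISCARD_BUF` are hypothetical names, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define DISCARD_BUF 4096 /* hypothetical size of a fixed stack buffer */

/* Parse a hex chunk-size string into a signed 64-bit value.
 * checked == 0: weak pattern, no range check, large input wraps negative.
 * checked == 1: reject before acc * 16 + digit can exceed INT64_MAX. */
int parse_chunk_size(const char *s, int checked, int64_t *out)
{
    uint64_t acc = 0; /* unsigned accumulator: wraparound is well defined */
    if (*s == '\0') return -1;
    for (; *s != '\0'; s++) {
        int c = *s | 0x20; /* fold ASCII letters to lower case */
        uint64_t d;
        if (*s >= '0' && *s <= '9') d = (uint64_t)(*s - '0');
        else if (c >= 'a' && c <= 'f') d = (uint64_t)(c - 'a' + 10);
        else return -1;
        if (checked && acc > (((uint64_t)INT64_MAX - d) >> 4)) return -1;
        acc = (acc << 4) | d;
    }
    *out = (int64_t)acc; /* top bit set becomes negative on two's complement */
    return 0;
}

/* Weak: signed min, then cast. A negative size wins the min and the cast
 * turns it into a huge unsigned read length. */
size_t read_len_weak(int64_t remaining)
{
    int64_t n = remaining < DISCARD_BUF ? remaining : DISCARD_BUF;
    return (size_t)n;
}

/* Hardened: a negative size is never a valid length; read nothing. */
size_t read_len_safe(int64_t remaining)
{
    if (remaining < 0) return 0;
    return remaining < DISCARD_BUF ? (size_t)remaining : (size_t)DISCARD_BUF;
}

int main(void)
{
    int64_t v = 0;
    parse_chunk_size("FFFFFFFFFFFFFFFF", 0, &v); /* constructed sample */
    printf("size=%lld weak=%zu safe=%zu\n", (long long)v,
           read_len_weak(v), read_len_safe(v));
    return 0;
}
```

Either check on its own closes the gap in this sketch: rejecting the oversized value at parse time, or refusing a negative length before it reaches the read.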
