998156 – (CVE-2013-2028) VUL-0: CVE-2013-2028: nginx: chunked Transfer-Encoding request overflows

Bug 998156 (CVE-2013-2028) - VUL-0: CVE-2013-2028: nginx: chunked Transfer-Encoding request overflows

Summary: VUL-0: CVE-2013-2028: nginx: chunked Transfer-Encoding request overflows

Status:	RESOLVED UPSTREAM

Alias:	CVE-2013-2028

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-09-09 12:06 UTC by Marcus Meissner
Modified:	2016-09-10 11:56 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-09-09 12:06:34 UTC

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2028

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. 

http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html

https://nginx.org/download/patch.2013.chunked.txt

Comment 1 Swamp Workflow Management 2016-09-09 22:00:40 UTC

bugbot adjusting priority

Comment 2 Marcus Meissner 2016-09-10 11:56:23 UTC

we never shipped the affected versions.