Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

Related bugs and status

CVE-2014-0133 (Candidate) is related to these bugs:

Bug #1294280: [CVE-2014-0133] SPDY Heap Buffer Overflow Vulnerability

Summary				In	Importance	Status
	1294280	[CVE-2014-0133] SPDY Heap Buffer Overflow Vulnerability		nginx (Ubuntu)	Undecided	Fix Released
	1294280	[CVE-2014-0133] SPDY Heap Buffer Overflow Vulnerability		nginx (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [nginx-announce] 20140...
SUSE: openSUSE-SU-2014:0450
BID: 66537