1072546 – (CVE-2014-0088) CVE-2014-0088 nginx: possible arbitrary code execution via SPDY implementation in 1.5.10

Bug 1072546 (CVE-2014-0088) - CVE-2014-0088 nginx: possible arbitrary code execution via SPDY implementation in 1.5.10

Summary: CVE-2014-0088 nginx: possible arbitrary code execution via SPDY implementatio...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2014-0088
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-03-04 18:23 UTC by Vincent Danen
Modified:	2020-11-05 10:33 UTC (History)
CC List:	11 users (show)
Fixed In Version:	nginx 1.5.11
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-03-04 18:48:10 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vincent Danen 2014-03-04 18:23:32 UTC

The following security flaw in nginx was reported [1]:

A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0088).

The problem only affects nginx 1.5.10 on 32-bit platforms, compiled with the ngx_http_spdy_module module (which is not compiled by default), if the "spdy" option of the "listen" directive is used in a configuration file.

No Red Hat products, including Fedora and EPEL, ship this vulnerable version of nginx.

[1] http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html

Note You need to log in before you can comment on or make changes to this bug.