What is CVE-2014-0088?

CVE-2014-0088 is a vulnerability in F5 Nginx, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-04-29.

Is CVE-2014-0088 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in F5 Nginx

CVE-2014-0088

The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.

Vulnerability class: Buffer Overflow

EPSS: 0.026 (85.9th percentile) — read the EPSS interpretation.

Affected products

F5 Nginx — versions 1.5.10
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

lukeber4/usn-search

References

[nginx-announce] 20140304 nginx security advisory (CVE-2014-0088) (mailing-list, x_refsource_MLIST, Patch)
1030150 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2014-0088?: CVE-2014-0088 is a vulnerability in F5 Nginx, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-04-29.
Is CVE-2014-0088 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.