What is CVE-2014-0133?

CVE-2014-0133 is a vulnerability in F5 Nginx, classified under Out-of-bounds Write. Published 2014-03-28.

Is CVE-2014-0133 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in F5 Nginx

CVE-2014-0133

Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

Vulnerability class: Buffer Overflow

EPSS: 0.186 (95.4th percentile) — read the EPSS interpretation.

Affected products

F5 Nginx
Opensuse — versions 13.1
N/a — versions n/a

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

Public proof-of-concept exploits

References

[nginx-announce] 20140318 nginx security advisory (CVE-2014-0133) (Vendor Advisory, mailing-list, x_refsource_MLIST)
openSUSE-SU-2014:0450 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
66537 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2014-0133?: CVE-2014-0133 is a vulnerability in F5 Nginx, classified under Out-of-bounds Write. Published 2014-03-28.
Is CVE-2014-0133 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.