CVE-2009-2629

Severity CVSS v4.0:
Pending analysis
Type:
CWE-787 Out-of-bounds Write
Publication date:
15/09/2009
Last modified:
09/04/2025

Description

Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* 0.1.0 (including) 0.5.38 (excluding)
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* 0.6.0 (including) 0.6.39 (excluding)
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* 0.7.0 (including) 0.7.62 (excluding)
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* 0.8.0 (including) 0.8.15 (excluding)
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*