CVE-2009-3896 in Ubuntu

CVE-2009-3896

Priority

Description

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14,
0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x
before 0.8.14 allows remote attackers to cause a denial of service (NULL
pointer dereference and worker process crash) via a long URI.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3896

Bugs

https://bugs.edge.launchpad.net/ubuntu/+source/nginx/+bug/511681

Notes

Package

Source: nginx (LP Ubuntu Debian)

Upstream:	released (0.5.38, 0.7.62, 0.8.14)
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected

Patches:

Upstream:

http://sysoev.ru/nginx/patch.null.pointer.txt

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-02-10 23:39:14 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)