CVE-2014-0088 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Affected Products (NVD)

Vendor	Product	Version
f5	nginx	1.5.10

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

nginx

bookworm	1.22.1-9 fixed
bullseye	1.18.0-6.1+deb11u3 fixed
bullseye (security)	1.18.0-6.1+deb11u3 fixed
sid	1.26.0-3 fixed
trixie	1.26.0-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

nginx

lucid	not-affected
precise	not-affected
quantal	not-affected
saucy	not-affected
trusty	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html

http://www.securitytracker.com/id/1030150

http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html

http://www.securitytracker.com/id/1030150