Unrated severityNVD Advisory· Published Sep 15, 2009· Updated Apr 23, 2026
CVE-2009-2629
CVE-2009-2629
Description
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
Affected products
6cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- nginx.net/CHANGESnvdRelease NotesVendor Advisory
- nginx.net/CHANGES-0.5nvdRelease NotesVendor Advisory
- nginx.net/CHANGES-0.6nvdRelease NotesVendor Advisory
- nginx.net/CHANGES-0.7nvdRelease NotesVendor Advisory
- www.debian.org/security/2009/dsa-1884nvdThird Party Advisory
- www.kb.cert.org/vuls/id/180065nvdThird Party AdvisoryUS Government Resource
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.htmlnvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.htmlnvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.htmlnvdThird Party Advisory
- sysoev.ru/nginx/patch.180065.txtnvdBroken Link
News mentions
0No linked articles in our index yet.