CVE-2009-3896

Description

src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.

Affected products

• F5 / NGINX0.1.0 – 0.1.0
• F5 / NGINX0.1.1 – 0.1.1
• F5 / NGINX0.1.2 – 0.1.2
• F5 / NGINX0.1.3 – 0.1.3
• F5 / NGINX0.1.4 – 0.1.4
• F5 / NGINX0.1.5 – 0.1.5
• F5 / NGINX0.1.6 – 0.1.6
• F5 / NGINX0.1.7 – 0.1.7
• F5 / NGINX0.1.8 – 0.1.8
• F5 / NGINX0.1.9 – 0.1.9
• F5 / NGINX0.1.10 – 0.1.10
• F5 / NGINX0.1.11 – 0.1.11
• F5 / NGINX0.1.12 – 0.1.12
• F5 / NGINX0.1.13 – 0.1.13
• F5 / NGINX0.1.14 – 0.1.14
• F5 / NGINX0.1.15 – 0.1.15
• F5 / NGINX0.1.16 – 0.1.16
• F5 / NGINX0.1.17 – 0.1.17
• F5 / NGINX0.1.18 – 0.1.18
• F5 / NGINX0.1.19 – 0.1.19
• F5 / NGINX0.1.20 – 0.1.20
• F5 / NGINX0.1.21 – 0.1.21
• F5 / NGINX0.1.22 – 0.1.22
• F5 / NGINX0.1.23 – 0.1.23
• F5 / NGINX0.1.24 – 0.1.24
• F5 / NGINX0.1.25 – 0.1.25
• F5 / NGINX0.1.26 – 0.1.26
• F5 / NGINX0.1.27 – 0.1.27
• F5 / NGINX0.1.28 – 0.1.28
• F5 / NGINX0.1.29 – 0.1.29
• F5 / NGINX0.1.30 – 0.1.30
• F5 / NGINX0.1.31 – 0.1.31
• F5 / NGINX0.1.32 – 0.1.32
• F5 / NGINX0.1.33 – 0.1.33
• F5 / NGINX0.1.34 – 0.1.34
• F5 / NGINX0.1.35 – 0.1.35
• F5 / NGINX0.1.36 – 0.1.36
• F5 / NGINX0.1.37 – 0.1.37
• F5 / NGINX0.1.38 – 0.1.38
• F5 / NGINX0.1.39 – 0.1.39
• F5 / NGINX0.1.40 – 0.1.40
• F5 / NGINX0.1.41 – 0.1.41
• F5 / NGINX0.1.42 – 0.1.42
• F5 / NGINX0.1.43 – 0.1.43
• F5 / NGINX0.1.44 – 0.1.44
• F5 / NGINX0.1.45 – 0.1.45
• F5 / NGINX0.2.0 – 0.2.0
• F5 / NGINX0.2.1 – 0.2.1
• F5 / NGINX0.2.2 – 0.2.2
• F5 / NGINX0.2.3 – 0.2.3
• F5 / NGINX0.2.4 – 0.2.4
• F5 / NGINX0.2.5 – 0.2.5
• F5 / NGINX0.2.6 – 0.2.6
• F5 / NGINX0.3.0 – 0.3.0
• F5 / NGINX0.3.1 – 0.3.1
• F5 / NGINX0.3.2 – 0.3.2
• F5 / NGINX0.3.3 – 0.3.3
• F5 / NGINX0.3.4 – 0.3.4
• F5 / NGINX0.3.5 – 0.3.5
• F5 / NGINX0.3.6 – 0.3.6
• F5 / NGINX0.3.7 – 0.3.7
• F5 / NGINX0.3.8 – 0.3.8
• F5 / NGINX0.3.9 – 0.3.9
• F5 / NGINX0.3.10 – 0.3.10
• F5 / NGINX0.3.11 – 0.3.11
• F5 / NGINX0.3.12 – 0.3.12
• F5 / NGINX0.3.13 – 0.3.13
• F5 / NGINX0.3.14 – 0.3.14
• F5 / NGINX0.3.15 – 0.3.15
• F5 / NGINX0.3.16 – 0.3.16
• F5 / NGINX0.3.17 – 0.3.17
• F5 / NGINX0.3.18 – 0.3.18
• F5 / NGINX0.3.19 – 0.3.19
• F5 / NGINX0.3.20 – 0.3.20
• F5 / NGINX0.3.21 – 0.3.21
• F5 / NGINX0.3.22 – 0.3.22
• F5 / NGINX0.3.23 – 0.3.23
• F5 / NGINX0.3.24 – 0.3.24
• F5 / NGINX0.3.25 – 0.3.25
• F5 / NGINX0.3.26 – 0.3.26
• F5 / NGINX0.3.27 – 0.3.27
• F5 / NGINX0.3.28 – 0.3.28
• F5 / NGINX0.3.29 – 0.3.29
• F5 / NGINX0.3.30 – 0.3.30
• F5 / NGINX0.3.31 – 0.3.31
• F5 / NGINX0.3.32 – 0.3.32
• F5 / NGINX0.3.33 – 0.3.33
• F5 / NGINX0.3.34 – 0.3.34
• F5 / NGINX0.3.35 – 0.3.35
• F5 / NGINX0.3.36 – 0.3.36
• F5 / NGINX0.3.37 – 0.3.37
• F5 / NGINX0.3.38 – 0.3.38
• F5 / NGINX0.3.39 – 0.3.39
• F5 / NGINX0.3.40 – 0.3.40
• F5 / NGINX0.3.41 – 0.3.41
• F5 / NGINX0.3.42 – 0.3.42
• F5 / NGINX0.3.43 – 0.3.43
• F5 / NGINX0.3.44 – 0.3.44
• F5 / NGINX0.3.45 – 0.3.45
• F5 / NGINX0.3.46 – 0.3.46
• F5 / NGINX0.3.47 – 0.3.47
• F5 / NGINX0.3.48 – 0.3.48
• F5 / NGINX0.3.49 – 0.3.49
• F5 / NGINX0.3.50 – 0.3.50
• F5 / NGINX0.3.51 – 0.3.51
• F5 / NGINX0.3.52 – 0.3.52
• F5 / NGINX0.3.53 – 0.3.53
• F5 / NGINX0.3.54 – 0.3.54
• F5 / NGINX0.3.55 – 0.3.55
• F5 / NGINX0.3.56 – 0.3.56
• F5 / NGINX0.3.57 – 0.3.57
• F5 / NGINX0.3.58 – 0.3.58
• F5 / NGINX0.3.59 – 0.3.59
• F5 / NGINX0.3.60 – 0.3.60
• F5 / NGINX0.3.61 – 0.3.61
• F5 / NGINX0.4.0 – 0.4.0
• F5 / NGINX0.4.1 – 0.4.1
• F5 / NGINX0.4.2 – 0.4.2
• F5 / NGINX0.4.3 – 0.4.3
• F5 / NGINX0.4.4 – 0.4.4
• F5 / NGINX0.4.5 – 0.4.5
• F5 / NGINX0.4.6 – 0.4.6
• F5 / NGINX0.4.7 – 0.4.7
• F5 / NGINX0.4.8 – 0.4.8
• F5 / NGINX0.4.9 – 0.4.9
• F5 / NGINX0.4.10 – 0.4.10
• F5 / NGINX0.4.11 – 0.4.11
• F5 / NGINX0.4.12 – 0.4.12
• F5 / NGINX0.4.13 – 0.4.13
• F5 / NGINX0.5.0 – 0.5.0
• F5 / NGINX0.5.1 – 0.5.1
• F5 / NGINX0.5.2 – 0.5.2
• F5 / NGINX0.5.3 – 0.5.3
• F5 / NGINX0.5.4 – 0.5.4
• F5 / NGINX0.5.5 – 0.5.5
• F5 / NGINX0.5.6 – 0.5.6
• F5 / NGINX0.5.7 – 0.5.7
• F5 / NGINX0.5.8 – 0.5.8
• F5 / NGINX0.5.9 – 0.5.9
• F5 / NGINX0.5.10 – 0.5.10
• F5 / NGINX0.5.11 – 0.5.11
• F5 / NGINX0.5.12 – 0.5.12
• F5 / NGINX0.5.13 – 0.5.13
• F5 / NGINX0.5.14 – 0.5.14
• F5 / NGINX0.5.15 – 0.5.15
• F5 / NGINX0.5.16 – 0.5.16
• F5 / NGINX0.5.17 – 0.5.17
• F5 / NGINX0.5.18 – 0.5.18
• F5 / NGINX0.5.19 – 0.5.19
• F5 / NGINX0.5.20 – 0.5.20
• F5 / NGINX0.5.21 – 0.5.21
• F5 / NGINX0.5.22 – 0.5.22
• F5 / NGINX0.5.23 – 0.5.23
• F5 / NGINX0.5.24 – 0.5.24
• F5 / NGINX0.5.25 – 0.5.25
• F5 / NGINX0.5.26 – 0.5.26
• F5 / NGINX0.5.27 – 0.5.27
• F5 / NGINX0.5.28 – 0.5.28
• F5 / NGINX0.5.29 – 0.5.29
• F5 / NGINX0.5.30 – 0.5.30
• F5 / NGINX0.5.31 – 0.5.31
• F5 / NGINX0.5.32 – 0.5.32
• F5 / NGINX0.5.33 – 0.5.33
• F5 / NGINX0.5.34 – 0.5.34
• F5 / NGINX0.5.35 – 0.5.35
• F5 / NGINX0.5.36 – 0.5.36
• F5 / NGINX0.5.37 – 0.5.37
• F5 / NGINX0.6.0 – 0.6.0
• F5 / NGINX0.6.1 – 0.6.1
• F5 / NGINX0.6.2 – 0.6.2
• F5 / NGINX0.6.3 – 0.6.3
• F5 / NGINX0.6.4 – 0.6.4
• F5 / NGINX0.6.5 – 0.6.5
• F5 / NGINX0.6.6 – 0.6.6
• F5 / NGINX0.6.7 – 0.6.7
• F5 / NGINX0.6.8 – 0.6.8
• F5 / NGINX0.6.9 – 0.6.9
• F5 / NGINX0.6.10 – 0.6.10
• F5 / NGINX0.6.11 – 0.6.11
• F5 / NGINX0.6.12 – 0.6.12
• F5 / NGINX0.6.13 – 0.6.13
• F5 / NGINX0.6.14 – 0.6.14
• F5 / NGINX0.6.15 – 0.6.15
• F5 / NGINX0.6.17 – 0.6.17
• F5 / NGINX0.6.18 – 0.6.18
• F5 / NGINX0.6.19 – 0.6.19
• F5 / NGINX0.6.20 – 0.6.20
• F5 / NGINX0.6.21 – 0.6.21
• F5 / NGINX0.6.22 – 0.6.22
• F5 / NGINX0.6.23 – 0.6.23
• F5 / NGINX0.6.24 – 0.6.24
• F5 / NGINX0.6.25 – 0.6.25
• F5 / NGINX0.6.26 – 0.6.26
• F5 / NGINX0.6.27 – 0.6.27
• F5 / NGINX0.6.28 – 0.6.28
• F5 / NGINX0.6.29 – 0.6.29
• F5 / NGINX0.6.30 – 0.6.30
• F5 / NGINX0.6.31 – 0.6.31
• F5 / NGINX0.6.32 – 0.6.32
• F5 / NGINX0.6.33 – 0.6.33
• F5 / NGINX0.6.34 – 0.6.34
• F5 / NGINX0.6.35 – 0.6.35
• F5 / NGINX0.6.36 – 0.6.36
• F5 / NGINX0.6.37 – 0.6.37
• F5 / NGINX0.6.38 – 0.6.38
• F5 / NGINX0.7.0 – 0.7.0
• F5 / NGINX0.7.1 – 0.7.1
• F5 / NGINX0.7.2 – 0.7.2
• F5 / NGINX0.7.3 – 0.7.3
• F5 / NGINX0.7.4 – 0.7.4
• F5 / NGINX0.7.5 – 0.7.5
• F5 / NGINX0.7.6 – 0.7.6
• F5 / NGINX0.7.7 – 0.7.7
• F5 / NGINX0.7.8 – 0.7.8
• F5 / NGINX0.7.9 – 0.7.9
• F5 / NGINX0.7.10 – 0.7.10
• F5 / NGINX0.7.11 – 0.7.11
• F5 / NGINX0.7.12 – 0.7.12
• F5 / NGINX0.7.13 – 0.7.13
• F5 / NGINX0.7.14 – 0.7.14
• F5 / NGINX0.7.15 – 0.7.15
• F5 / NGINX0.7.16 – 0.7.16
• F5 / NGINX0.7.17 – 0.7.17
• F5 / NGINX0.7.18 – 0.7.18
• F5 / NGINX0.7.19 – 0.7.19
• F5 / NGINX0.7.20 – 0.7.20
• F5 / NGINX0.7.21 – 0.7.21
• F5 / NGINX0.7.22 – 0.7.22
• F5 / NGINX0.7.23 – 0.7.23
• F5 / NGINX0.7.24 – 0.7.24
• F5 / NGINX0.7.25 – 0.7.25
• F5 / NGINX0.7.26 – 0.7.26
• F5 / NGINX0.7.27 – 0.7.27
• F5 / NGINX0.7.28 – 0.7.28
• F5 / NGINX0.7.29 – 0.7.29
• F5 / NGINX0.7.30 – 0.7.30
• F5 / NGINX0.7.31 – 0.7.31
• F5 / NGINX0.7.32 – 0.7.32
• F5 / NGINX0.7.33 – 0.7.33
• F5 / NGINX0.7.34 – 0.7.34
• F5 / NGINX0.7.35 – 0.7.35
• F5 / NGINX0.7.36 – 0.7.36
• F5 / NGINX0.7.37 – 0.7.37
• F5 / NGINX0.7.38 – 0.7.38
• F5 / NGINX0.7.39 – 0.7.39
• F5 / NGINX0.7.40 – 0.7.40
• F5 / NGINX0.7.41 – 0.7.41
• F5 / NGINX0.7.42 – 0.7.42
• F5 / NGINX0.7.43 – 0.7.43
• F5 / NGINX0.7.44 – 0.7.44
• F5 / NGINX0.7.45 – 0.7.45
• F5 / NGINX0.7.46 – 0.7.46
• F5 / NGINX0.7.47 – 0.7.47
• F5 / NGINX0.7.48 – 0.7.48
• F5 / NGINX0.7.49 – 0.7.49
• F5 / NGINX0.7.50 – 0.7.50
• F5 / NGINX0.7.51 – 0.7.51
• F5 / NGINX0.7.52 – 0.7.52
• F5 / NGINX0.7.53 – 0.7.53
• F5 / NGINX0.7.54 – 0.7.54
• F5 / NGINX0.7.55 – 0.7.55
• F5 / NGINX0.7.56 – 0.7.56
• F5 / NGINX0.7.57 – 0.7.57
• F5 / NGINX0.7.58 – 0.7.58
• F5 / NGINX0.7.59 – 0.7.59
• F5 / NGINX0.7.60 – 0.7.60
• F5 / NGINX0.7.61 – 0.7.61
• F5 / NGINX0.8.0 – 0.8.0
• F5 / NGINX0.8.1 – 0.8.1
• F5 / NGINX0.8.2 – 0.8.2
• F5 / NGINX0.8.3 – 0.8.3
• F5 / NGINX0.8.4 – 0.8.4
• F5 / NGINX0.8.5 – 0.8.5
• F5 / NGINX0.8.6 – 0.8.6
• F5 / NGINX0.8.7 – 0.8.7
• F5 / NGINX0.8.8 – 0.8.8
• F5 / NGINX0.8.9 – 0.8.9
• F5 / NGINX0.8.10 – 0.8.10
• F5 / NGINX0.8.11 – 0.8.11
• F5 / NGINX0.8.12 – 0.8.12
• F5 / NGINX0.8.13 – 0.8.13
• F5 / NGINX0.8.14 – 0.8.14
• nginx / nginx0.6.1516 – 0.6.1516

References

• VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
• MISChttp://www.securityfocus.com/bid/36839
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/11/23/10
• MISChttps://bugzilla.redhat.com/show_bug.cgi?id=539565
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
• VENDOR_ADVISORYhttp://security.debian.org/pool/updates/main/n/nginx/nginx_0.4.13-2+etch3.diff.gz
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2009/dsa-1920
• VENDOR_ADVISORYhttp://secunia.com/advisories/48577
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/11/20/6
• MISChttp://sysoev.ru/nginx/patch.null.pointer.txt
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/11/20/1
• MISChttp://security.gentoo.org/glsa/glsa-201203-22.xml
• MAILING_LISThttp://marc.info/?l=nginx&m=125692080328141&w=2