Nginx · Nginx · CVE-2013-2028
**Name of the Vulnerable Software and Affected Versions**
nginx versions 1.3.9 through 1.4.0
**Description**
The issue allows remote attackers to cause a denial of service and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size. This triggers an integer signedness error and a stack-based buffer overflow.
**Recommendations**
For nginx versions 1.3.9 through 1.4.0, update to a version that fixes the integer signedness error and stack-based buffer overflow in the ngx http parse chunked function.