### [CVE-2013-2028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow. ### POC #### Reference - http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html - http://packetstormsecurity.com/files/121675/Nginx-1.3.9-1.4.0-Denial-Of-Service.html - https://github.com/rapid7/metasploit-framework/pull/1834 - https://github.com/rapid7/metasploit-framework/pull/1834 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/JERRY123S/all-poc - https://github.com/Sunqiz/CVE-2013-2028-reproduction - https://github.com/alexgeunholee/zeus-software-security - https://github.com/anquanscan/sec-tools - https://github.com/camel-clarkson/non-controlflow-hijacking-datasets - https://github.com/cyberanand1337x/bug-bounty-2022 - https://github.com/danghvu/nginx-1.4.0 - https://github.com/dyjakan/exploit-development-case-studies - https://github.com/hktalent/TOP - https://github.com/jbmihoub/all-poc - https://github.com/jptr218/nginxhack - https://github.com/kitctf/nginxpwn - https://github.com/m4drat/CVE-2013-2028-Exploit - https://github.com/mambroziak/docker-cve-2013-2028 - https://github.com/mertsarica/hack4career - https://github.com/mudongliang/LinuxFlaw - https://github.com/oneoy/cve- - https://github.com/q40603/Continuous-Invivo-Fuzz - https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC - https://github.com/weeka10/-hktalent-TOP