Search for vulnerabilities
Vulnerability details: VCID-car8-uyyf-aaan
Vulnerability ID VCID-car8-uyyf-aaan
Aliases CVE-2009-2629
VU#180065
Summary Buffer underflow vulnerability
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.56944 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.81297 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.81297 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.81297 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.81297 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.81297 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.81297 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.83818 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.84997 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.85564 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.85564 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.85564 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.85779 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.85779 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.85779 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.85779 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.86741 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.86741 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.86741 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.86741 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92779 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92779 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92779 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
epss 0.92829 https://api.first.org/data/v1/epss?cve=CVE-2009-2629
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=523105
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2009-2629
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
Reference id Reference type URL
http://nginx.net/CHANGES
http://nginx.net/CHANGES-0.5
http://nginx.net/CHANGES-0.6
http://nginx.net/CHANGES-0.7
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2629.json
https://api.first.org/data/v1/epss?cve=CVE-2009-2629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629
https://nginx.org/download/patch.180065.txt
https://nginx.org/download/patch.180065.txt.asc
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html
http://sysoev.ru/nginx/patch.180065.txt
http://www.debian.org/security/2009/dsa-1884
http://www.kb.cert.org/vuls/id/180065
523105 https://bugzilla.redhat.com/show_bug.cgi?id=523105
cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
CVE-2009-2629 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/14830.py
CVE-2009-2629 https://nvd.nist.gov/vuln/detail/CVE-2009-2629
GLSA-200909-18 https://security.gentoo.org/glsa/200909-18
Data source Exploit-DB
Date added Aug. 30, 2010
Description Nginx 0.6.38 - Heap Corruption
Ransomware campaign use Known
Source publication date Aug. 29, 2010
Exploit type local
Platform linux
Source update date April 16, 2011
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-2629
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.973
EPSS Score 0.56944
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.