CVE-2022-41742— NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-41742
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
Source: NVD (National Vulnerability Database)
Vulnerability Description
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存写
Source: NVD (National Vulnerability Database)
Vulnerability Title
F5 Nginx 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
F5 Nginx是美国F5公司的一款轻量级Web服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器,在BSD-like协议下发行。 F5 Nginx存在缓冲区错误漏洞,该漏洞源于其ngx_http_mp4_module模块可能允许本地攻击者通过使用特别制作的音频或视频文件导致工作进程崩溃或内存泄露。以下版本受到影响:NGINX Open Source1.23.2和1.22.1之前的版本、NGINX Open Source Subscription R2 P1和R1 P1之前的版本、NGINX
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| F5 | NGINX | Mainline ~ 1.23.2 | - | |
| F5 | NGINX Plus | R27 ~ R27-p1 | - | |
| F5 | NGINX Open Source Subscription | R2 ~ R2 P1 | - |
II. Public POCs for CVE-2022-41742
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-41742
请登录查看更多情报信息。
- https://www.debian.org/security/2022/dsa-5281vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41742
Same Patch Batch · F5 · 2022-10-19 · 18 CVEs total
| CVE-2022-41836 | 7.5 HIGH | BIG-IP Advanced WAF and ASM bd vulnerability CVE-2022-41836 |
| CVE-2022-41833 | 7.5 HIGH | BIG-IP iRule vulnerability CVE-2022-41833 |
| CVE-2022-41832 | 7.5 HIGH | BIG-IP SIP vulnerability CVE-2022-41832 |
| CVE-2022-41806 | 7.5 HIGH | BIG-IP AFM NAT64 Policy Vulnerability CVE-2022-41806 |
| CVE-2022-41787 | 7.5 HIGH | BIG-IP DNS Express vulnerability CVE-2022-41787 |
| CVE-2022-41624 | 7.5 HIGH | BIG-IP iRules vulnerability CVE-2022-41624 |
| CVE-2022-41691 | 7.5 HIGH | BIG-IP Advanced WAF/ASM bd vulnerability CVE-2022-41691 |
| CVE-2022-41835 | 7.3 HIGH | F5OS vulnerability CVE-2022-41835 |
| CVE-2022-41617 | 7.2 HIGH | BIG-IP Advanced WAF and ASM iControl REST vulnerability CVE-2022-41617 |
| CVE-2022-41743 | 7.0 HIGH | NGINX ngx_http_hls_module vulnerability CVE-2022-41743 |
| CVE-2022-41741 | 7.0 HIGH | NGINX ngx_http_mp4_module vulnerability CVE-2022-41741 |
| CVE-2022-41813 | 6.5 MEDIUM | BIG-IP PEM and AFM TMUI, TMSH and iControl vulnerability CVE-2022-41813 |
| CVE-2022-41770 | 6.5 MEDIUM | BIG-IP and BIG-IQ iControl REST vulnerability CVE-2022-41770 |
| CVE-2022-41780 | 5.5 MEDIUM | F5OS CLI vulnerability CVE-2022-41780 |
| CVE-2022-36795 | 5.3 MEDIUM | BIG-IP software SYN cookies vulnerability CVE-2022-36795 |
| CVE-2022-41694 | 4.9 MEDIUM | BIG-IP and BIG-IQ mcpd vulnerability CVE-2022-41694 |
| CVE-2022-41983 | 3.7 LOW | BIG-IP TMM Vulnerability CVE-2022-41983 |
IV. Related Vulnerabilities
V. Comments for CVE-2022-41742
No comments yet