Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:3261

Опубликовано: 29 июл. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: nginx:1.22 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.

Security Fix(es):

  • nginx: specially crafted MP4 file may cause denial of service (CVE-2024-7347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
nginxx86_648.module+el9.6.0+32001+2660e3dc.1nginx-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.x86_64.rpm
nginx-all-modulesnoarch8.module+el9.6.0+32001+2660e3dc.1nginx-all-modules-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.noarch.rpm
nginx-all-modulesnoarch8.module+el9.6.0+32001+2660e3dc.1nginx-all-modules-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.noarch.rpm
nginx-all-modulesnoarch8.module+el9.6.0+32001+2660e3dc.1nginx-all-modules-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.noarch.rpm
nginx-all-modulesnoarch8.module+el9.6.0+32001+2660e3dc.1nginx-all-modules-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.noarch.rpm
nginx-corex86_648.module+el9.6.0+32001+2660e3dc.1nginx-core-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.x86_64.rpm
nginx-filesystemnoarch8.module+el9.6.0+32001+2660e3dc.1nginx-filesystem-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.noarch.rpm
nginx-filesystemnoarch8.module+el9.6.0+32001+2660e3dc.1nginx-filesystem-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.noarch.rpm
nginx-filesystemnoarch8.module+el9.6.0+32001+2660e3dc.1nginx-filesystem-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.noarch.rpm
nginx-filesystemnoarch8.module+el9.6.0+32001+2660e3dc.1nginx-filesystem-1.22.1-8.module+el9.6.0+32001+2660e3dc.1.noarch.rpm

Показывать по

Связанные CVE

CVE-2024-7347

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2024-7347

CVSS3: 4.7
ubuntu
больше 1 года назад

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

redhat логотип

CVE-2024-7347

CVSS3: 4.7
redhat
больше 1 года назад

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

nvd логотип

CVE-2024-7347

CVSS3: 4.7
nvd
больше 1 года назад

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

msrc логотип

CVE-2024-7347

CVSS3: 4.7
msrc
около 1 года назад

Описание отсутствует

debian логотип

CVE-2024-7347

CVSS3: 4.7
debian
больше 1 года назад

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...