Описание
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.26.0-2ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 1.4.6-1ubuntu3.9+esm5 |
| esm-infra/bionic | released | 1.14.0-0ubuntu1.11+esm1 |
| esm-infra/focal | not-affected | 1.18.0-0ubuntu1.6 |
| esm-infra/xenial | released | 1.10.3-0ubuntu0.16.04.5+esm6 |
| focal | released | 1.18.0-0ubuntu1.6 |
| jammy | released | 1.18.0-6ubuntu14.5 |
| noble | released | 1.24.0-2ubuntu7.1 |
| oracular | not-affected | 1.26.0-2ubuntu2 |
| trusty/esm | released | 1.4.6-1ubuntu3.9+esm5 |
Показывать по
4.7 Medium
CVSS3
Связанные уязвимости
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...
4.7 Medium
CVSS3