N/A

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

N/A

未加控制的资源消耗(资源穷尽)

F5 Nginx 内存泄漏漏洞

F5 Nginx是美国F5公司的一款轻量级Web服务器/反向代理服务器及电子邮件（IMAP/POP3）代理服务器，在BSD-like协议下发行。 F5 Nginx 1.15.6版本、1.14.1版本存在内存泄漏漏洞，该漏洞源于在worker进程中无限循环，导致worker进程崩溃。

N/A

N/A