Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
Vulnerability Description
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Vulnerability Type
跨界内存写
Vulnerability Title
F5 Nginx 缓冲区错误漏洞
Vulnerability Description
F5 Nginx是美国F5公司的一款轻量级Web服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器,在BSD-like协议下发行。 F5 Nginx存在缓冲区错误漏洞,该漏洞源于其ngx_http_mp4_module模块可能允许本地攻击者通过使用特别制作的音频或视频文件导致工作进程崩溃或内存泄露。以下版本受到影响:NGINX Open Source1.23.2和1.22.1之前的版本、NGINX Open Source Subscription R2 P1和R1 P1之前的版本、NGINX
CVSS Information
N/A
Vulnerability Type
N/A