CVE-2022-41741

🗓️ 19 Oct 2022 21:20:24Reported by f5Type

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 1465 Views

NGINX Open Source and NGINX Plus before 1.23.2, 1.22.1, R2 P1, R1 P1, R27 P1, and R26 P1 allows local attacker to corrupt NGINX worker memory via specially crafted audio/video file

Reporter	Title	Published	Views	Family All 143
IBM Security Bulletins	Security Bulletin: A vulnerability in nginx may affect IBM Robotic Process Automation for Cloud Pak resulting in a denial of service (CVE-2022-41741, CVE-2022-41742)	4 Jan 202319:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for Nov 2024	26 Nov 202409:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in F5 NGINX	2 May 202320:56	–	ibm
GithubExploit	Exploit for Type Confusion in Google Chrome	10 Feb 202523:04	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in F5 Nginx	7 May 202523:26	–	githubexploit
FreeBSD	nginx -- Two vulnerabilities	19 Oct 202200:00	–	freebsd
Tenable Nessus	Amazon Linux 2022 : nginx, nginx-all-modules, nginx-core (ALAS2022-2023-270)	25 Jan 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : nginx (ALASNGINX1-2023-001)	27 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : nginx (ALAS-2023-1665)	24 Jan 202300:00	–	nessus

NVD

Node

f5 nginxRange1.1.3–1.22.0open_source

f5 nginxRanger22–r27plus

f5 nginxMatch1.23.0open_source

f5 nginxMatch1.23.1open_source

f5 nginxMatchr1open_source_subscription

f5 nginxMatchr2open_source_subscription

f5 nginx_ingress_controllerRange1.9.0–1.12.4

f5 nginx_ingress_controllerRange2.0.0–2.4.0

Node

fedoraproject fedoraMatch35

fedoraproject fedoraMatch36

fedoraproject fedoraMatch37

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

[
  {
    "vendor": "F5",
    "product": "NGINX",
    "versions": [
      {
        "version": "Mainline",
        "status": "affected",
        "lessThan": "1.23.2",
        "versionType": "custom"
      },
      {
        "version": "Stable",
        "status": "affected",
        "lessThan": "1.22.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "F5",
    "product": "NGINX Plus",
    "versions": [
      {
        "version": "R27",
        "status": "affected",
        "lessThan": "R27-p1",
        "versionType": "custom"
      },
      {
        "version": "R1",
        "status": "affected",
        "lessThan": "R26-p1",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "F5",
    "product": "NGINX Open Source Subscription",
    "versions": [
      {
        "version": "R2",
        "status": "affected",
        "lessThan": "R2 P1",
        "versionType": "custom"
      },
      {
        "version": "R1",
        "status": "affected",
        "lessThan": "R1 P1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
support	www.support.f5.com/csp/article/K81926432
security	www.security.netapp.com/advisory/ntap-20230120-0005/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/
debian	www.debian.org/security/2022/dsa-5281
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/
lists	www.lists.debian.org/debian-lts-announce/2022/11/msg00031.html