CVE-2022-41742

🗓️ 19 Oct 2022 21:20:50Reported by f5Type

cve🔗 web.nvd.nist.gov📰️ 8 Media mentions👁 657 Views

NGINX Open Source & Subscription before 1.23.2, R2 P1, R1 P1, and NGINX Plus before R27 P1, R26 P1 have a vulnerability allowing worker process crash or memory disclosure via specially crafted audio or video file

Reporter	Title	Published	Views	Family All 141
IBM Security Bulletins	Security Bulletin: A vulnerability in nginx may affect IBM Robotic Process Automation for Cloud Pak resulting in a denial of service (CVE-2022-41741, CVE-2022-41742)	4 Jan 202319:55	–	ibm
GithubExploit	Exploit for Type Confusion in Google Chrome	10 Feb 202523:04	–	githubexploit
GithubExploit	Exploit for Out-of-bounds Write in F5 Nginx	7 May 202523:26	–	githubexploit
FreeBSD	nginx -- Two vulnerabilities	19 Oct 202200:00	–	freebsd
Tenable Nessus	Amazon Linux 2022 : nginx, nginx-all-modules, nginx-core (ALAS2022-2023-270)	25 Jan 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : nginx (ALASNGINX1-2023-001)	27 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : nginx (ALAS-2023-1665)	24 Jan 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nginx (ALSA-2025:7402)	21 May 202500:00	–	nessus
Tenable Nessus	Debian dla-3203 : libnginx-mod-http-auth-pam - security update	24 Nov 202200:00	–	nessus

NVD

Node

f5 nginxRange1.1.3–1.22.0open_source

f5 nginxRanger22–r27plus

f5 nginxMatch1.23.0open_source

f5 nginxMatch1.23.1open_source

f5 nginxMatchr1open_source_subscription

f5 nginxMatchr2open_source_subscription

f5 nginx_ingress_controllerRange1.9.0–1.12.4

f5 nginx_ingress_controllerRange2.0.0–2.4.0

Node

fedoraproject fedoraMatch35

fedoraproject fedoraMatch36

fedoraproject fedoraMatch37

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

[
  {
    "vendor": "F5",
    "product": "NGINX",
    "versions": [
      {
        "version": "Mainline",
        "status": "affected",
        "lessThan": "1.23.2",
        "versionType": "custom"
      },
      {
        "version": "Stable",
        "status": "affected",
        "lessThan": "1.22.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "F5",
    "product": "NGINX Plus",
    "versions": [
      {
        "version": "R27",
        "status": "affected",
        "lessThan": "R27-p1",
        "versionType": "custom"
      },
      {
        "version": "R1",
        "status": "affected",
        "lessThan": "R26-p1",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "F5",
    "product": "NGINX Open Source Subscription",
    "versions": [
      {
        "version": "R2",
        "status": "affected",
        "lessThan": "R2 P1",
        "versionType": "custom"
      },
      {
        "version": "R1",
        "status": "affected",
        "lessThan": "R1 P1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20230120-0005/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/
debian	www.debian.org/security/2022/dsa-5281
support	www.support.f5.com/csp/article/K28112382
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/
lists	www.lists.debian.org/debian-lts-announce/2022/11/msg00031.html