Lucene search

PRIOn knowledge basePRION:CVE-2012-2089

HistoryApr 17, 2012 - 9:55 p.m.

Buffer overflow

2012-04-1721:55:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.

CPENameOperatorVersion
nginxge1.0.7
nginxle1.0.14
nginxge1.1.3
nginxle1.1.18
fedoraeq17
fedoraeq16
fedoraeq15

Name	Operator	Version
nginx	ge	1.0.7
nginx	le	1.0.14
nginx	ge	1.1.3
nginx	le	1.1.18
fedora	eq	17
fedora	eq	16
fedora	eq	15

References

nginx.org/en/security_advisories.html

www.openwall.com/lists/oss-security/2012/04/12/9

www.securityfocus.com/bid/52999

www.securitytracker.com/id?1026924

exchange.xforce.ibmcloud.com/vulnerabilities/74831

lists.fedoraproject.org/pipermail/package-announce/2012-April/079388.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/079467.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/079474.html