3 matches found
NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
A flaw was found in NGINX Open Source, specifically within the ngxhttpmp4module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resultin...
PT-2024-5858
Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus versions prior to 1.26.2 NGINX Open Source and NGINX Plus versions prior to 1.27.1 Description The issue is related to a buffer overread vulnerability in the ngx http mp4 module, which might allow an attacker t...
PT-2022-5185
Name of the Vulnerable Software and Affected Versions NGINX Open Source versions 1.23.2 and 1.22.1 and earlier NGINX Open Source Subscription versions R2 P1 and R1 P1 and earlier NGINX Plus versions R27 P1 and R26 P1 and earlier Description The issue is related to a buffer-over-read vulnerability...