CVSS3: 7.8 High
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS2: 4.3 Medium
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.0004 Low (Percentile: 5.2%)

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source
Subscription before versions R2 P1 and R1 P1, and NGINX Plus before
versions R27 P1 and R26 P1 have a vulnerability in the module
ngx_http_mp4_module that might allow a local attacker to corrupt NGINX
worker memory, resulting in its termination or potential other impact using
a specially crafted audio or video file. The issue affects only NGINX
products that are built with the ngx_http_mp4_module, when the mp4
directive is used in the configuration file. Further, the attack is
possible only if an attacker can trigger processing of a specially crafted
audio or video file with the module ngx_http_mp4_module.
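
As an added example (not part of the advisory or of NGINX's own tooling), the two preconditions in the description can be checked from the text printed by `nginx -V` and `nginx -T`. The function names and the sample inputs are constructed for illustration.

```python
import re

# Fixed upstream releases, taken from the advisory text above.
FIXED_STABLE = (1, 22, 1)
FIXED_MAINLINE = (1, 23, 2)

def parse_nginx_v(output):
    """Parse `nginx -V` output into (version tuple or None, mp4 module built in)."""
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", output)
    version = tuple(map(int, m.groups())) if m else None
    return version, "--with-http_mp4_module" in output

def uses_mp4_directive(config_dump):
    """True if an active `mp4;` directive appears in `nginx -T` output.
    Comment stripping is naive: a '#' inside a quoted string is not handled."""
    active = re.sub(r"#.*", "", config_dump)
    return re.search(r"(?:^|[\s;{}])mp4\s*;", active) is not None

def upstream_version_affected(version):
    """Compare an upstream NGINX Open Source version with the fixed releases.
    Distribution packages backport the fix without changing the upstream number,
    so for those compare the package version against the package table instead."""
    if version >= FIXED_MAINLINE:
        return False
    if FIXED_STABLE <= version < (1, 23, 0):
        return False
    return True

def assess(nginx_v_output, config_dump):
    """Combine the build, configuration and version checks into one verdict."""
    version, has_module = parse_nginx_v(nginx_v_output)
    if version is None:
        return "unknown: could not parse version"
    if not has_module:
        return "not exposed: ngx_http_mp4_module not built in"
    if not uses_mp4_directive(config_dump):
        return "not exposed: mp4 directive not used"
    if upstream_version_affected(version):
        return "exposed: affected version with mp4 directive in use"
    return "patched: module in use on a fixed version"

# Constructed sample input (not captured from a real host).
SAMPLE_V = ("nginx version: nginx/1.22.0\n"
            "configure arguments: --with-http_ssl_module --with-http_mp4_module\n")
SAMPLE_CONF = "location /video/ {\n    mp4;\n    mp4_buffer_size 1m;\n}\n"

if __name__ == "__main__":
    print(assess(SAMPLE_V, SAMPLE_CONF))
```
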
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | nginx | < 1.14.0-0ubuntu1.11 | UNKNOWN |
ubuntu | 20.04 | noarch | nginx | < 1.18.0-0ubuntu1.4 | UNKNOWN |
ubuntu | 22.04 | noarch | nginx | < 1.18.0-6ubuntu14.3 | UNKNOWN |
ubuntu | 22.10 | noarch | nginx | < 1.22.0-1ubuntu1.1 | UNKNOWN |
ubuntu | 23.04 | noarch | nginx | < 1.22.0-1ubuntu3 | UNKNOWN |
ubuntu | 14.04 | noarch | nginx | < 1.4.6-1ubuntu3.9+esm4 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | nginx | < 1.10.3-0ubuntu0.16.04.5+esm5 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
github.com/nginx/nginx/commit/0d23105373e6d8a720b9826079c077b9b4be919d
launchpad.net/bugs/cve/CVE-2022-41741
mailman.nginx.org/archives/list/[email protected]/message/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA/
nvd.nist.gov/vuln/detail/CVE-2022-41741
security-tracker.debian.org/tracker/CVE-2022-41741
support.f5.com/csp/article/K81926432
ubuntu.com/security/notices/USN-5722-1
www.cve.org/CVERecord?id=CVE-2022-41741