nginx ngx_http_mp4_module Vulnerability in Nginx Software
CVE-2018-16845

8.2HIGH

Key Information:

Vendor

[unknown]

Status
Nginx
Vendor
CVE Published:
7 November 2018

What is CVE-2018-16845?

The ngx_http_mp4_module in nginx, prior to version 1.15.6 and 1.14.1, contains a flaw that could allow an attacker to craft a malicious MP4 file, resulting in an infinite loop within a worker process. This issue may lead to crashes of the worker processes, or even the disclosure of sensitive memory information, provided the nginx server is configured to process MP4 files with this specific module, which is not enabled by default.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

nginx 1.15.6

nginx 1.14.1

References

https://www.debian.org/security/2018/dsa-4335
vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:3680
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3681
vendor-advisoryx_refsource_REDHAT

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.