Vulnerabilities in Nginx allow DoS attack; patch now

Out-of-bounds read causing DoS Attack – CVE-ID: CVE-2022-41741, CVE-2022-41742

A remote attacker might exploit this nginx vulnerability to access potentially sensitive data or launch a denial-of-service attack.

The vulnerability is caused by a boundary condition in the ngx_http_mp4_module module when it processes MP4 files. A remote attacker can send the server a specially constructed file, trigger an out-of-bounds read error, and then access the contents of memory on the system or launch a denial-of-service attack.

Patch

Install updates from the nginx website.

Vulnerable nginx versions

nginx: 1.23.0 – 1.23.1, 1.22.0, 1.21.0 – 1.21.6, 1.20.0 – 1.20.2, 1.19.0 – 1.19.10, 1.18.0, 1.17.0 – 1.17.10, 1.16.0 – 1.16.1, 1.15.0 – 1.15.12, 1.14.0 – 1.14.2, 1.12.0 – 1.12.2, 1.11.0 – 1.11.13, 1.13.0 – 1.13.12, 1.10.0 – 1.10.3, 1.1.3 – 1.1.19, 1.0.7 – 1.0.15
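
A check for the list above, as an added example that is not part of the original advisory: it classifies the text printed by `nginx -V` against the version ranges on this page and looks for the `--with-http_mp4_module` build flag, since the mp4 module is only present when nginx was built with it. The function name `assess`, the result labels and the sample outputs are constructed for illustration.

```python
import re

# Vulnerable ranges exactly as listed on this page (inclusive bounds).
VULNERABLE = """1.23.0-1.23.1 1.22.0 1.21.0-1.21.6 1.20.0-1.20.2 1.19.0-1.19.10
1.18.0 1.17.0-1.17.10 1.16.0-1.16.1 1.15.0-1.15.12 1.14.0-1.14.2 1.12.0-1.12.2
1.11.0-1.11.13 1.13.0-1.13.12 1.10.0-1.10.3 1.1.3-1.1.19 1.0.7-1.0.15"""


def _v(text):
    """Turn '1.21.6' into (1, 21, 6) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


RANGES = []
for item in VULNERABLE.split():
    low, _, high = item.partition("-")
    RANGES.append((_v(low), _v(high or low)))  # single versions: low == high


def assess(nginx_V_output):
    """Classify the text of `nginx -V` (nginx writes it to stderr)."""
    match = re.search(r"nginx version: nginx/(\d+\.\d+\.\d+)", nginx_V_output)
    if not match:
        return "unknown"  # forks and rebrands print a different banner
    version = _v(match.group(1))
    listed = any(low <= version <= high for low, high in RANGES)
    has_mp4 = "--with-http_mp4_module" in nginx_V_output
    if listed and has_mp4:
        return "vulnerable"
    if listed:
        return "listed-version-no-mp4"  # still update; module not built in
    return "not-listed"


# Constructed sample outputs, not captured from real hosts.
SAMPLES = {
    "media-01": "nginx version: nginx/1.22.0\nconfigure arguments: "
                "--with-http_ssl_module --with-http_mp4_module",
    "web-01": "nginx version: nginx/1.20.2\nconfigure arguments: "
              "--with-http_ssl_module",
    "web-02": "nginx version: nginx/1.22.1\nconfigure arguments: "
              "--with-http_mp4_module",
}

if __name__ == "__main__":
    for host, output in SAMPLES.items():
        print(f"{host}: {assess(output)}")
```

Distribution packages often backport fixes without changing the upstream version number, so a "vulnerable" result on a packaged build should be confirmed against the package changelog.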