Out-of-bounds read causing DoS Attack – CVE-ID: CVE-2022-41741, CVE-2022-41742
A remote attacker might exploit this nginx vulnerability to access potentially sensitive data or launch a denial-of-service attack.
The vulnerability is caused by a boundary condition in the ngx_http_mp4_module module when it processes MP4 files. By sending the server a specially constructed file, a remote attacker can trigger an out-of-bounds read error, which can be used to launch a denial-of-service attack or to access the contents of memory on the system.
Patch
Install updates from the nginx website.
Vulnerable nginx versions
nginx: 1.23.0 – 1.23.1, 1.22.0, 1.21.0 – 1.21.6, 1.20.0 – 1.20.2, 1.19.0 – 1.19.10, 1.18.0, 1.17.0 – 1.17.10, 1.16.0 – 1.16.1, 1.15.0 – 1.15.12, 1.14.0 – 1.14.2, 1.12.0 – 1.12.2, 1.11.0 – 1.11.13, 1.13.0 – 1.13.12, 1.10.0 – 1.10.3, 1.1.3 – 1.1.19, 1.0.7 – 1.0.15
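To triage a host against the list above, the following Python check (an added example, not code from the original advisory or from the nginx project) reads `nginx -V` output and the server configuration and reports whether the version is in a listed range and whether the MP4 module is reachable. It assumes the module is only reachable when nginx was built with `--with-http_mp4_module` and an `mp4;` directive is present in the configuration; the function names and the sample inputs are constructed for illustration.

```python
import re

# Inclusive ranges copied from the "Vulnerable nginx versions" list on this page.
LISTED = [
    ((1, 23, 0), (1, 23, 1)), ((1, 22, 0), (1, 22, 0)), ((1, 21, 0), (1, 21, 6)),
    ((1, 20, 0), (1, 20, 2)), ((1, 19, 0), (1, 19, 10)), ((1, 18, 0), (1, 18, 0)),
    ((1, 17, 0), (1, 17, 10)), ((1, 16, 0), (1, 16, 1)), ((1, 15, 0), (1, 15, 12)),
    ((1, 14, 0), (1, 14, 2)), ((1, 13, 0), (1, 13, 12)), ((1, 12, 0), (1, 12, 2)),
    ((1, 11, 0), (1, 11, 13)), ((1, 10, 0), (1, 10, 3)), ((1, 1, 3), (1, 1, 19)),
    ((1, 0, 7), (1, 0, 15)),
]

def parse_nginx_v(text):
    """Return (version tuple, mp4_built) from `nginx -V` output."""
    m = re.search(r"nginx version: \S+?/(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no nginx version line found")
    version = tuple(int(x) for x in m.groups())
    args = re.search(r"configure arguments:(.*)", text)
    built = bool(args and re.search(r"--with-http_mp4_module(?=\s|$)", args.group(1)))
    return version, built

def uses_mp4_directive(conf_text):
    """True if an uncommented `mp4;` directive appears in the configuration."""
    return any(re.search(r"(^|[\s{;])mp4\s*;", line.split("#", 1)[0])
               for line in conf_text.splitlines())

def assess(nginx_v_text, conf_text):
    """Classify a host from its `nginx -V` output and its configuration text."""
    version, built = parse_nginx_v(nginx_v_text)
    if not any(lo <= version <= hi for lo, hi in LISTED):
        return "version not in the listed ranges"
    if not built:
        return "listed version, mp4 module not compiled in"
    if not uses_mp4_directive(conf_text):
        return "listed version, mp4 module built but not enabled"
    return "listed version with mp4 enabled: update"

# Constructed sample inputs (not captured from a real host).
SAMPLE_V = ("nginx version: nginx/1.22.0\n"
            "configure arguments: --with-http_ssl_module --with-http_mp4_module\n")
SAMPLE_CONF = "server {\n  location /video/ {\n    mp4;\n  }\n}\n"

if __name__ == "__main__":
    print(assess(SAMPLE_V, SAMPLE_CONF))
```

On a real host, pass the output of `nginx -V 2>&1` and `nginx -T` to `assess`. Distribution packages may carry backported fixes under an unchanged version number, so a listed version is a prompt to check the package changelog.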