Executive Summary

This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration list.
Information

Name : CVE-2022-41741
Vendor : Cve
First vendor Publication : 2022-10-19
Last vendor Modification : 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score : 7.8
Base Score : 7.8
Environmental Score : 7.8
Impact Sub Score : 5.9
Temporal Score : 7.8
Exploitability Sub Score : 1.8

Attack Vector : Local
Attack Complexity : Low
Privileges Required : Low
User Interaction : None
Scope : Unchanged
Confidentiality Impact : High
Integrity Impact : High
Availability Impact : High

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A

Detail

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 468
Application 1
Os 2
Os 3

Sources (Detail)

https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.netapp.com/advisory/ntap-20230120-0005/
https://support.f5.com/csp/article/K81926432
https://www.debian.org/security/2022/dsa-5281

Alert History

Date Information
2024-11-28 14:15:49
  • Multiple Updates
2023-11-07 21:31:23
  • Multiple Updates
2023-03-24 21:27:30
  • Multiple Updates
2023-01-21 00:27:30
  • Multiple Updates
2022-12-03 09:27:22
  • Multiple Updates
2022-11-23 09:27:28
  • Multiple Updates
2022-11-16 13:27:25
  • Multiple Updates
2022-11-14 21:27:21
  • Multiple Updates
2022-10-28 21:27:17
  • Multiple Updates
2022-10-28 17:27:17
  • Multiple Updates
2022-10-24 21:27:18
  • Multiple Updates
2022-10-20 09:27:13
  • Multiple Updates
2022-10-20 05:27:24
  • First insertion