CVE-2018-16845 Information

Description

nginx before versions 1.15.6 1.14.1 has a vulnerability in the ngx_http_mp4_module which might allow an attacker to cause infinite loop in a worker process cause a worker process crash or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html http://www.securityfocus.com/bid/105868 http://www.securitytracker.com/id/1042039 https://access.redhat.com/errata/RHSA-2018:3652 https://access.redhat.com/errata/RHSA-2018:3653 https://access.redhat.com/errata/RHSA-2018:3680 https://access.redhat.com/errata/RHSA-2018:3681 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845 https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html https://usn.ubuntu.com/3812-1/ https://www.debian.org/security/2018/dsa-4335

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.1