CVE - CVE-2018-16845

CVE-ID
CVE-2018-16845	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:105868 URL:http://www.securityfocus.com/bid/105868 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845 CONFIRM:https://support.apple.com/kb/HT212818 DEBIAN:DSA-4335 URL:https://www.debian.org/security/2018/dsa-4335 FULLDISC:20210921 APPLE-SA-2021-09-20-4 Xcode 13 URL:http://seclists.org/fulldisclosure/2021/Sep/36 MISC:http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html MLIST:[debian-lts-announce] 20181108 [SECURITY] [DLA 1572-1] nginx security update URL:https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html REDHAT:RHSA-2018:3652 URL:https://access.redhat.com/errata/RHSA-2018:3652 REDHAT:RHSA-2018:3653 URL:https://access.redhat.com/errata/RHSA-2018:3653 REDHAT:RHSA-2018:3680 URL:https://access.redhat.com/errata/RHSA-2018:3680 REDHAT:RHSA-2018:3681 URL:https://access.redhat.com/errata/RHSA-2018:3681 SECTRACK:1042039 URL:http://www.securitytracker.com/id/1042039 SUSE:openSUSE-SU-2019:2120 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html UBUNTU:USN-3812-1 URL:https://usn.ubuntu.com/3812-1/
Assigning CNA
Red Hat, Inc.
Date Record Created
20180911	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20180911)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)