CVE-2022-41742

Summary

CVE: CVE-2022-41742
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-10-19 22:15:00 UTC
Updated: 2023-11-07 03:52:00 UTC
Description: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Operating System | Debian | Debian Linux | 11.0 | All | All | All
Application | F5 | Nginx | 1.23.0 | All | All | All
Application | F5 | Nginx | 1.23.1 | All | All | All
Application | F5 | Nginx | r1 | All | All | All
Application | F5 | Nginx | r2 | All | All | All
Application | F5 | Nginx | All | All | All | All
Application | F5 | Nginx | All | All | All | All
Application | F5 | Nginx Ingress Controller | All | All | All | All
Application | F5 | Nginx Ingress Controller | All | All | All | All
Operating System | Fedoraproject | Fedora | 35 | All | All | All
Operating System | Fedoraproject | Fedora | 36 | All | All | All
Operating System | Fedoraproject | Fedora | 37 | All | All | All

References

Reference | Source | Link | Tags
[SECURITY] [DLA 3203-1] nginx security update | MLIST | lists.debian.org |
support.f5.com/csp/article/K28112382 | MISC | support.f5.com |
[SECURITY] Fedora 35 Update: nginx-1.22.1-1.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
[SECURITY] Fedora 35 Update: nginx-1.22.1-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
[SECURITY] Fedora 36 Update: nginx-1.22.1-1.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
[SECURITY] Fedora 37 Update: nginx-1.22.1-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
October 2022 NGINX Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com |
[SECURITY] Fedora 37 Update: nginx-1.22.1-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
Debian -- Security Information -- DSA-5281-1 nginx | DEBIAN | www.debian.org | Third Party Advisory
[SECURITY] Fedora 36 Update: nginx-1.22.1-1.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 181217 Debian Security Update for nginx (DSA 5281-1)
  • 181243 Debian Security Update for nginx (DLA 3203-1)
  • 182713 Debian Security Update for nginx (CVE-2022-41742)
  • 199025 Ubuntu Security Notification for nginx Vulnerabilities (USN-5722-1)
  • 283249 Fedora Security Update for nginx (FEDORA-2022-97de53f202)
  • 283250 Fedora Security Update for nginx (FEDORA-2022-b0f5bc2175)
  • 283464 Fedora Security Update for nginx (FEDORA-2022-12721789aa)
  • 354691 Amazon Linux Security Advisory for nginx : ALAS-2023-1665
  • 354692 Amazon Linux Security Advisory for nginx : ALAS2022-2023-270
  • 355156 Amazon Linux Security Advisory for nginx : ALAS2023-2023-099
  • 355259 Amazon Linux Security Advisory for nginx : ALAS2023-2023-090
  • 356293 Amazon Linux Security Advisory for nginx : ALASNGINX1-2023-001
  • 356498 Amazon Linux Security Advisory for nginx : ALAS2NGINX1-2023-001
  • 377658 F5 BIG-IP Nginx ngx_http_mp4_module vulnerability cve-2022-41742 (K28112382)
  • 377673 F5 BIG-IP Nginx ngx_http_mp4_module vulnerability cve-2022-41742 (K28112382)
  • 502556 Alpine Linux Security Update for nginx
  • 504191 Alpine Linux Security Update for nginx
  • 672580 EulerOS Security Update for nginx (EulerOS-SA-2023-1330)
  • 690964 Free Berkeley Software Distribution (FreeBSD) Security Update for nginx (676d4f16-4fb3-11ed-a374-8c164567ca3c)
  • 753597 SUSE Enterprise Linux Security Update for nginx (SUSE-SU-2023:0205-1)
  • 753605 SUSE Enterprise Linux Security Update for nginx (SUSE-SU-2023:0212-1)
  • 753606 SUSE Enterprise Linux Security Update for nginx (SUSE-SU-2023:0210-1)
  • 753646 SUSE Enterprise Linux Security Update for nginx (SUSE-SU-2023:0293-1)
  • 904345 Common Base Linux Mariner (CBL-Mariner) Security Update for nginx (11336)
  • 904348 Common Base Linux Mariner (CBL-Mariner) Security Update for nginx (11321)
  • 904377 Common Base Linux Mariner (CBL-Mariner) Security Update for nginx (11336-1)
  • 904391 Common Base Linux Mariner (CBL-Mariner) Security Update for nginx (11321-1)