BIT-nginx-ingress-controller-2022-41743

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/nginx-ingress-controller/BIT-nginx-ingress-controller-2022-41743.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-nginx-ingress-controller-2022-41743

Aliases

CVE-2022-41743

Published

2023-11-06T08:56:56.676Z

Modified

2023-12-06T00:47:35.013405Z

Summary

[none]

Details

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngxhttphlsmodule.

Database specific

{
    "cpes": [
        "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://support.f5.com/csp/article/K01112063

Affected packages

Bitnami / nginx-ingress-controller

Package

Name: nginx-ingress-controller
Purl: pkg:bitnami/nginx-ingress-controller

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

1.9.0

Fixed

1.12.4

Introduced

2.0.0

Fixed

2.4.0