CVE-2022-41743

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-41743

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41743.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-41743

Aliases

BIT-nginx-ingress-controller-2022-41743

Published

2022-10-19T22:15:12Z

Modified

2024-10-12T10:10:51.562232Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngxhttphlsmodule that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngxhttphlsmodule.

References

https://support.f5.com/csp/article/K01112063

Affected packages

Git / github.com/nginxinc/kubernetes-ingress

Affected ranges

Type: GIT
Repo: https://github.com/nginxinc/kubernetes-ingress
Events: Introduced

98d94b0bf6918774007b3abcb0f318fa347cdcb2

Last affected

79566654d43c72bf3709db2ef0b60f4f928fadba

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.1.0

v2.1.1

v2.1.2

v2.2.0

v2.2.1

v2.2.2

v2.3.0

v2.3.1

v2.4.0