PT-2012-3799 · Nginx · Nginx

Matthew Daley

Published

2012-04-17

Updated

2024-06-15

CVE-2012-2089

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions nginx versions 1.0.7 through 1.0.14 nginx versions 1.1.3 through 1.1.18

Description A buffer overflow in the ngx http mp4 module module, when the mp4 directive is used, allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted MP4 file. The issue is related to the ngx http mp4 module.c file.

Recommendations For versions 1.0.7 through 1.0.14, update to a version outside of this range to resolve the issue. For versions 1.1.3 through 1.1.18, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the mp4 directive until a patch is available.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2012-2089

OPENSUSE-SU-2024:10044-1

Affected Products

Nginx

PT-2012-3799 · Nginx · Nginx

CVE-2012-2089

Weakness Enumeration

Related Identifiers

Affected Products

References · 27