Lucene search
UbuntuUSN-5722-1HistoryNov 15, 2022 - 12:00 a.m.
nginx vulnerabilities
2022-11-1500:00:00
ubuntu.com
40
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- nginx - small, powerful, scalable web/proxy server
Details
It was discovered that nginx incorrectly handled certain memory operations in
the ngx_http_mp4_module module. A local attacker could possibly use this issue
with a specially crafted mp4 file to cause nginx to crash, stop responding, or
access arbitrary memory. (CVE-2022-41741, CVE-2022-41742)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | nginx-common | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-auth-pam | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-auth-pam-dbgsym | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-cache-purge | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-cache-purge-dbgsym | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-dav-ext | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-dav-ext-dbgsym | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-echo | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-echo-dbgsym | < 1.22.0-1ubuntu1.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | libnginx-mod-http-fancyindex | < 1.22.0-1ubuntu1.1 | UNKNOWN |
Related
freebsd
freebsd
nginx -- Two vulnerabilities
2022-10-19 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : nginx (SUSE-SU-2023:0212-1)
2023-01-31 00:00:00
SUSE SLES15 Security Update : nginx (SUSE-SU-2023:0210-1)
2023-01-31 00:00:00
SUSE SLES15 Security Update : nginx (SUSE-SU-2023:0293-1)
2023-02-08 00:00:00
openvas
openvas
openSUSE: Security Advisory for nginx (SUSE-SU-2023:0205-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for nginx (EulerOS-SA-2023-1330)
2023-02-09 00:00:00
Nginx Multiple Vulnerabilities (Oct 2022)
2022-10-25 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: nginx-1.22.1-1.fc36
2022-10-28 11:16:33
[SECURITY] Fedora 35 Update: nginx-1.22.1-1.fc35
2022-10-28 11:46:04
[SECURITY] Fedora 37 Update: nginx-1.22.1-1.fc37
2022-11-10 22:49:39
altlinux
altlinux
Security fix for the ALT Linux 9 package nginx version 1.22.1-alt1
2022-10-31 00:00:00
osv
osv
nginx vulnerabilities
2022-11-15 05:25:25
nginx - security update
2022-11-15 00:00:00
nginx - security update
2022-11-23 00:00:00
amazon
amazon
Medium: nginx
2023-01-18 20:56:00
mageia
mageia
Updated nginx packages fix security vulnerability
2022-10-28 09:54:08
debian
debian
[SECURITY] [DSA 5281-1] nginx security update
2022-11-15 20:26:03
[SECURITY] [DLA 3203-1] nginx security update
2022-11-22 23:40:00
cloudlinux
cloudlinux
nginx: Fix of 2 CVEs
2022-11-21 21:36:53
ibm
ibm
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0481
2022-11-01 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0078
2023-08-24 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0272
2022-11-02 00:00:00
ubuntucve
ubuntucve
CVE-2022-41741
2022-10-19 00:00:00
CVE-2022-41742
2022-10-19 00:00:00
prion
prion
Design/Logic Flaw
2022-10-19 22:15:00
Design/Logic Flaw
2022-10-19 22:15:00
alpinelinux
alpinelinux
CVE-2022-41742
2022-10-19 22:15:12
CVE-2022-41741
2022-10-19 22:15:12
cbl_mariner
cbl_mariner
CVE-2022-41742 affecting package nginx 1.20.1-3
2022-11-03 00:44:53
CVE-2022-41741 affecting package nginx for versions less than 1.22.1-1
2022-11-03 20:37:46
CVE-2022-41741 affecting package nginx 1.20.1-3
2022-11-03 00:44:53
nvd
nvd
CVE-2022-41742
2022-10-19 22:15:12
CVE-2022-41741
2022-10-19 22:15:12
redhatcve
redhatcve
CVE-2022-41742
2022-11-10 04:56:00
CVE-2022-41741
2022-11-10 04:55:59
cvelist
cvelist
CVE-2022-41742 NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
2022-10-19 00:00:00
CVE-2022-41741 NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
2022-10-19 00:00:00
nginx
nginx
Memory corruption in the ngx_http_mp4_module
2022-10-19 22:15:12
Memory disclosure in the ngx_http_mp4_module
2022-10-19 22:15:12
cve
cve
CVE-2022-41742
2022-10-19 22:15:12
CVE-2022-41741
2022-10-19 22:15:12
f5
f5
K28112382 : NGINX ngx_http_mp4_module vulnerability CVE-2022-41742
2022-10-19 00:00:00
K81926432 : NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
2022-10-19 00:00:00
K30425568 : Overview of F5 vulnerabilities (October 2022)
2022-10-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-10-20 10:38:18
Denial Of Service (DoS)
2022-10-20 10:38:13
debiancve
debiancve
CVE-2022-41742
2022-10-19 22:15:12
CVE-2022-41741
2022-10-19 22:15:12
ics
ics
Siemens SINEC Traffic Analyzer
2024-06-13 12:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for USN-5722-1