BIT-nginx-ingress-controller-2022-41741

BIT-nginx-ingress-controller-2022-41741 PUBLISHED CVSS 7.800000190734863 HIGH

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Bitnami	nginx-ingress-controller	1.9.0, 2.0.0, 1.9.0

Exploit Intelligence

Explore CVE-2022-41741 with the Evil MP4 repository. It offers educational PoCs,and documentation on securing nginx against MP4 file vulnerabilities. For legal, ethical security testing only. (github-poc-repo)
CVE-2022-41741/742 Nginx Vulnerability Scanner (github-poc-repo)
CVE-2022-41741/742 Nginx Vulnerability Scanner (github-poc)
Explore CVE-2022-41741 with the Evil MP4 repository. It offers educational PoCs,and documentation on securing nginx against MP4 file vulnerabilities. For legal, ethical security testing only. (github-poc)
CVEDatabase.swift (github-poc)
cve_rules.hpp (github-poc)
nvd_db.cpp (github-poc)
cve_db.json (github-poc)

Timeline

Nov 6, 2023 CVE Published
Mar 6, 2024 CVE Updated
Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →