Vulnerability Details : CVE-2018-16845
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
Products affected by CVE-2018-16845
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16845
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 57 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-16845
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:P |
8.6
|
4.9
|
NIST | |
8.2
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H |
3.9
|
4.2
|
Red Hat, Inc. | |
6.1
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H |
1.8
|
4.2
|
NIST |
CWE ids for CVE-2018-16845
-
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.Assigned by: secalert@redhat.com (Primary)
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: nvd@nist.gov (Secondary)
References for CVE-2018-16845
-
http://seclists.org/fulldisclosure/2021/Sep/36
Full Disclosure: APPLE-SA-2021-09-20-4 Xcode 13Mailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3653
RHSA-2018:3653 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3652
RHSA-2018:3652 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/105868
nginx Multiple Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2018:3680
RHSA-2018:3680 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html
[SECURITY] [DLA 1572-1] nginx security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4335
Debian -- Security Information -- DSA-4335-1 nginxThird Party Advisory
-
https://support.apple.com/kb/HT212818
About the security content of Xcode 13 - Apple SupportThird Party Advisory
-
https://usn.ubuntu.com/3812-1/
USN-3812-1: nginx vulnerabilities | Ubuntu security noticesPatch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3681
RHSA-2018:3681 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
[security-announce] openSUSE-SU-2019:2120-1: important: Security updateMailing List;Third Party Advisory
-
http://www.securitytracker.com/id/1042039
nginx MP4 Processing Bug Lets Remote Users Deny Service and Disclose Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
[nginx-announce] nginx security advisory (CVE-2018-16845)Mailing List;Patch;Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845
1644508 – (CVE-2018-16845) CVE-2018-16845 nginx: Denial of service and memory disclosure via mp4 moduleIssue Tracking;Third Party Advisory
Jump to