CVE-2012-2089 — Classic Buffer Overflow in F5 Nginx

CWE-120 — Classic Buffer Overflow8 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

5.3%

top 9.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Nginx Fedoraproject Fedora

Timeline

PublishedApr 17

Latest updateMay 13

Description

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Debianf5/nginx< 1.1.19-1+3

▶NVDf5/nginx1.0.7 — 1.0.14+1

Also affects: Fedora 15, 16, 17

Patches

Patch: nginx.org ↗Patch: www.openwall.com ↗Patch: nginx.org ↗

🔴Vulnerability Details

GHSA

GHSA-9pvj-32x2-9jrc: Buffer overflow in ngx_http_mp4_module↗2022-05-13

▶

CVEList

CVE-2012-2089: Buffer overflow in ngx_http_mp4_module↗2012-04-17

▶

OSV

CVE-2012-2089: Buffer overflow in ngx_http_mp4_module↗2012-04-17

▶

📋Vendor Advisories

Debian

CVE-2012-2089: nginx - Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in ng...↗2012

▶

💬Community

Bugzilla

CVE-2012-2089 nginx: arbitrary code execution in mp4 pseudo-streaming module [fedora-all]↗2012-04-12

▶

Bugzilla

CVE-2012-2089 nginx: arbitrary code execution in mp4 pseudo-streaming module [epel-all]↗2012-04-12

▶

Bugzilla

CVE-2012-2089 nginx: arbitrary code execution in mp4 pseudo-streaming module↗2012-04-12

▶