CVE-2012-2089

CVSS v2.0 6.8 (Medium)

EPSS 2.40 % (90^th)

Affected Products 2

Advisories 7

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.

Weaknesses

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2012-04-17 21:55:01
(12 years ago)
Updated Date: 2021-11-10 15:57:01
(2 years ago)

Affected Products

F5

Nginx

Fedoraproject

Fedora

Configuration #1

		CPE23	From	Up To
	F5 Nginx from 1.0.7 version and 1.0.14 and prior versions	cpe:2.3:a:f5:nginx	>= 1.0.7	<= 1.0.14
	F5 Nginx from 1.1.3 version and 1.1.18 and prior versions	cpe:2.3:a:f5:nginx	>= 1.1.3	<= 1.1.18

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 15	cpe:2.3:o:fedoraproject:fedora:15
	Fedoraproject Fedora 16	cpe:2.3:o:fedoraproject:fedora:16
	Fedoraproject Fedora 17	cpe:2.3:o:fedoraproject:fedora:17