CVE-2024-7347
CVSS v4.0
5.7 (Medium)
CVSS v3.1
4.7 (Medium)
EPSS
0.04 % (13th)
Affected Products
2
Advisories
5
NVD Status
Analyzed
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- F5 Networks
- Published Date
-
2024-08-14 15:15:31
(4 weeks ago) - Updated Date
-
2024-08-20 19:25:17
(3 weeks ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...