Nginx ngx_http_mp4_module Memory Disclosure Vulnerability



A vulnerability in the ngx_http_mp4_module component of Nginx could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to improper handling of MP4 files by the ngx_http_mp4_module component of the affected software. An attacker could exploit this vulnerability by persuading a user to access an MP4 file that submits malicious input to an affected system. A successful exploit could allow the attacker to access sensitive memory content from a worker process, cause an infinite loop condition in a worker process, or cause a worker process to crash, resulting in a DoS condition.

nginx.org has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-16845

Source:: Cisco Multivendor Vulnerability Alerts