CVE-2022-41742

HIGH

Published 2022-10-19T21:20:50.106Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-41742. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

7.1

/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.001

probability

of exploitation in the wild

There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.223

Higher than 22.3% of all CVEs

Attack Vector Metrics

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Description

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

NGINX

Affected Versions:

Mainline Stable

NGINX Plus

Affected Versions:

R27 R1

NGINX Open Source Subscription

Affected Versions:

R2 R1

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-wj45-j4gh-fm3x

Advisory Details

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-41742

WEB https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ

WEB https://security.netapp.com/advisory/ntap-20230120-0005

WEB https://support.f5.com/csp/article/K28112382

WEB https://www.debian.org/security/2022/dsa-5281

Advisory provided by GitHub Security Advisory Database. Published: October 20, 2022, Modified: January 20, 2023

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

1 post

Reddit • 2 weeks, 5 days ago

jwckauman

NGINX Vulnerabilities in VMware Skyline Health Diagnostics Our vulnerability scanner is detecting two older CVEs in the Skyline Health Diagnostics (SHD) appliance: CVE-2022-41741, CVE-2022-41742, which are both NGINX Vulnerabilities. SHD appears to be using Nginx version 1.22.0 as it was detected on ports 443 and 8443. I've already upgraded SHD …

Also mentions: CVE-2022-41741

20.0

View Original