Showing 1 - 7 of 7

CVE-2018-16845

Status Candidate

Overview

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

Related Files

Apple Security Advisory 2021-09-20-4: Posted Sep 22, 2021; Authored by Apple | Site apple.com; Apple Security Advisory 2021-09-20-4 - Xcode 13 addresses multiple issues in nginx.; tags | advisory; systems | apple; advisories | CVE-2016-0742, CVE-2016-0746, CVE-2016-0747, CVE-2017-7529, CVE-2018-16843, CVE-2018-16844, CVE-2018-16845, CVE-2019-20372; SHA-256 | e298f65735c01199cc9782cb84a35d40ade27a44f1619154f005170a70f23d97; Download | Favorite | View

Red Hat Security Advisory 2018-3681-01: Posted Nov 27, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3681-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.; tags | advisory, web, denial of service, protocol; systems | linux, redhat; advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845; SHA-256 | edc156252a77c17ab32cdf45a40f9b72fed35d597c56732bf77fbcba569b8b86; Download | Favorite | View

Red Hat Security Advisory 2018-3680-01: Posted Nov 27, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3680-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.; tags | advisory, web, denial of service, protocol; systems | linux, redhat; advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845; SHA-256 | bf762c567899406a051f2a94d0eb8fc6de8342ac0ca6d42ea5ecab607fcc1426; Download | Favorite | View

Red Hat Security Advisory 2018-3653-01: Posted Nov 26, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3653-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.; tags | advisory, web, denial of service, protocol; systems | linux, redhat; advisories | CVE-2018-16843, CVE-2018-16845; SHA-256 | cdf8832a2ee43f362646287957e86d0a848865e5cbce03448952aedf3e742e46; Download | Favorite | View

Red Hat Security Advisory 2018-3652-01: Posted Nov 26, 2018; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2018-3652-01 - nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Issues addressed include a denial of service vulnerability.; tags | advisory, web, denial of service, protocol; systems | linux, redhat; advisories | CVE-2018-16845; SHA-256 | 13d4d0dbcb52c25e093c1a22ae583ea2870ab00c6e2cac59c54802f4b830fccc; Download | Favorite | View

Debian Security Advisory 4335-1: Posted Nov 12, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4335-1 - Three vulnerabilities were discovered in Nginx, a high-performance web and reverse proxy server, which could in denial of service in processing HTTP/2 (via excessive memory/CPU usage) or server memory disclosure in the ngx_http_mp4_module module (used for server-side MP4 streaming).; tags | advisory, web, denial of service, vulnerability; systems | linux, debian; advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845; SHA-256 | 62738a0f3a1924f58af8ca8de7f560fafc42ea8de43136a5a020522b764a4454; Download | Favorite | View

Ubuntu Security Notice USN-3812-1: Posted Nov 7, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3812-1 - It was discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Gal Goldshtein discovered that nginx incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause excessive CPU usage, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.; tags | advisory, remote, web, denial of service; systems | linux, ubuntu; advisories | CVE-2018-16843, CVE-2018-16844, CVE-2018-16845; SHA-256 | de51d5f5527e718cfd03e2b97d884775074a77a2c8b330508d29034ee83361c4; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 194 files
Ubuntu 67 files
Debian 24 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,011)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,194)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,437)
UNIX (9,390)
UnixWare (187)
Windows (6,649)
Other

CVE-2018-16845

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems