CVE-2022-41741 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2022-41741?

CVE-2022-41741 is a high-severity vulnerability in NGINX Open Source, NGINX Open Source Subscription, and NGINX Plus products built with the ngx_http_mp4_module when the mp4 directive is used. This vulnerability allows a local attacker to corrupt NGINX worker memory, potentially terminating the worker or causing other impacts using a specially crafted audio or video file. Systems running vulnerable versions with the ngx_http_mp4_module enabled are at risk.

Who is impacted by this?

The CVE-2022-41741 vulnerability affects users of certain versions of NGINX Open Source, NGINX Open Source Subscription, NGINX Plus, F5 NGINX Ingress Controller, Debian Linux, and Fedora. Specifically, impacted versions include NGINX Open Source before 1.23.2 and 1.22.1, NGINX Open Source Subscription before R2 P1 and R1 P1, NGINX Plus before R27 P1 and R26 P1, F5 NGINX Ingress Controller versions 1.9.0 to 1.12.4 and 2.0.0 to 2.4.0, Debian Linux 10.0 and 11.0, and Fedora 35, 36, and 37. This vulnerability may cause issues when processing certain audio or video files.

What to do if CVE-2022-41741 affected you

If you're affected by the CVE-2022-41741 vulnerability, it's crucial to take action to secure your system. Follow these steps:

  1. Upgrade your NGINX package to the latest version, as recommended by Debian and Fedora.

  2. Ensure the updated package is installed and running on your system.

  3. Monitor for any unusual activity or signs of compromise.
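To confirm step 2 on an NGINX Open Source host, the three conditions named above (a version before the fix, a build with ngx_http_mp4_module, and the mp4 directive in use) can be checked together. The following is an added example, not code from Twingate or NGINX; the sample `nginx -V` output and configuration are constructed, and treating 1.23.x as the mainline branch with everything older judged against 1.22.1 is an assumption.

```python
import re

# Fixed NGINX Open Source releases named on this page.
FIXED_MAINLINE = (1, 23, 2)
FIXED_STABLE = (1, 22, 1)

def parse_nginx_v(output):
    """Return (version tuple, mp4 module compiled in?) from `nginx -V` text."""
    m = re.search(r"nginx version: \S+?/(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("no nginx version line found")
    version = tuple(int(x) for x in m.groups())
    return version, "--with-http_mp4_module" in output

def version_affected(version):
    # Assumption: 1.23.x is mainline; older branches are compared to 1.22.1.
    # Distro packages may backport the fix without changing this number,
    # so confirm against the package changelog as well.
    if version >= (1, 23, 0):
        return version < FIXED_MAINLINE
    return version < FIXED_STABLE

def uses_mp4_directive(config_text):
    """True if a bare `mp4;` directive appears outside comments."""
    no_comments = re.sub(r"#.*", "", config_text)  # naive: ignores quoted '#'
    return re.search(r"(?:^|[;{}\s])mp4\s*;", no_comments) is not None

def assess(nginx_v_output, config_text):
    version, has_module = parse_nginx_v(nginx_v_output)
    directive = uses_mp4_directive(config_text)
    old = version_affected(version)
    return {"version": version, "module_built": has_module,
            "directive_used": directive, "version_affected": old,
            "exposed": old and has_module and directive}

# Constructed sample inputs (not taken from a real host).
SAMPLE_V = """nginx version: nginx/1.22.0
configure arguments: --prefix=/etc/nginx --with-http_mp4_module
"""
SAMPLE_CONF = """
server {
    # mp4;   commented out, must not count
    location /video/ {
        mp4;
        mp4_buffer_size 1m;
    }
}
"""

if __name__ == "__main__":
    print(assess(SAMPLE_V, SAMPLE_CONF))
```

On a real host, feed it the output of `nginx -V 2>&1` and the full configuration from `nginx -T`, so included files are covered.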

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-41741 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. To address this issue, it's essential to update the affected software to the fixed versions. This vulnerability might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-787, an out-of-bounds write issue affecting NGINX's ngx_http_mp4_module.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page or the links below.
