CVE-2024-7347

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000140529	Vendor Advisory
http://www.openwall.com/lists/oss-security/2024/08/14/4	Mailing List

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:nginx_open_source::::::::
	cpe:2.3:a:f5:nginx_open_source:1.27.0:::::::*
	cpe:2.3:a:f5:nginx_plus::::::::
	cpe:2.3:a:f5:nginx_plus:r31:-::::::
	cpe:2.3:a:f5:nginx_plus:r31:p1::::::
	cpe:2.3:a:f5:nginx_plus:r32:-::::::

History

22 Jan 2025, 16:10

Type	Values Removed	Values Added
CPE		cpe:2.3:a:f5:nginx_open_source:1.27.0:::::::*
References	~~() http://www.openwall.com/lists/oss-security/2024/08/14/4 -~~	() http://www.openwall.com/lists/oss-security/2024/08/14/4 - Mailing List

Information

Published : 2024-08-14 15:15

Updated : 2025-01-22 16:10

NVD link : CVE-2024-7347

Mitre link : CVE-2024-7347

CVE.ORG link : CVE-2024-7347

JSON object : View

Products Affected

f5

nginx_plus
nginx_open_source

CWE

CWE-126

Buffer Over-read

CWE-125

Out-of-bounds Read

{"id": "CVE-2024-7347", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.0}], "cvssMetricV40": [{"type": "Secondary", "source": "f5sirt@f5.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.7, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-14T15:15:31.870", "references": [{"url": "https://my.f5.com/manage/s/article/K000140529", "tags": ["Vendor Advisory"], "source": "f5sirt@f5.com"}, {"url": "http://www.openwall.com/lists/oss-security/2024/08/14/4", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "f5sirt@f5.com", "description": [{"lang": "en", "value": "CWE-126"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": " NGINX Open Source y NGINX Plus tienen una vulnerabilidad en ngx_http_mp4_module, que podr\u00eda permitir a un atacante sobreleer la memoria de trabajo de NGINX, lo que provocar\u00eda su terminaci\u00f3n, utilizando un archivo mp4 especialmente dise\u00f1ado. El problema solo afecta a NGINX si est\u00e1 construido con ngx_http_mp4_module y la directiva mp4 se usa en el archivo de configuraci\u00f3n. Adem\u00e1s, el ataque s\u00f3lo es posible si un atacante puede activar el procesamiento de un archivo mp4 especialmente dise\u00f1ado con el m\u00f3dulo ngx_http_mp4_module. Nota: Las versiones de software que han llegado al final del soporte t\u00e9cnico (EoTS) no se eval\u00faan."}], "lastModified": "2025-01-22T16:10:28.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0EA24A0-D4CA-4394-9A01-D7B9A5DBAF0C", "versionEndExcluding": "1.26.2", "versionStartIncluding": "1.5.13"}, {"criteria": "cpe:2.3:a:f5:nginx_open_source:1.27.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A8277F-E124-4A18-A545-05DE412FF811"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "462BF1FE-417D-4D78-B77E-CD34AA6E792B", "versionEndExcluding": "r31", "versionStartIncluding": "r27"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8248517E-D805-4928-8252-2168472341EF"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r31:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D5BB4C0-B862-4CDD-AA54-1BC1BDF27005"}, {"criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2"}], "operator": "OR"}]}], "sourceIdentifier": "f5sirt@f5.com"}