CVE-2018-16845
Medium
Low
Medium
High
Critical
6.1
CVSS Score
Vulnerability Description
nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Attack Vector
L
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
L
Integrity
N
Availability
H
Known Affected Software
90 configuration(s) from 4 vendor(s)
xcode
Version:
6.1.1
CPE:
cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
xcode
Version:
7.1
CPE:
cpe:2.3:a:apple:xcode:7.1:*:*:*:*:*:*:*
xcode
Version:
7.3
CPE:
cpe:2.3:a:apple:xcode:7.3:*:*:*:*:*:*:*
xcode
Version:
4.0
CPE:
cpe:2.3:a:apple:xcode:4.0:*:*:*:*:*:*:*
xcode
Version:
4.0.1
CPE:
cpe:2.3:a:apple:xcode:4.0.1:*:*:*:*:*:*:*
xcode
Version:
3.1.1
CPE:
cpe:2.3:a:apple:xcode:3.1.1:*:*:*:*:*:*:*
xcode
Version:
1.5.0
CPE:
cpe:2.3:a:apple:xcode:1.5.0:*:*:*:*:*:*:*
xcode
Version:
4.6
CPE:
cpe:2.3:a:apple:xcode:4.6:*:*:*:*:*:*:*
xcode
Version:
7.2
CPE:
cpe:2.3:a:apple:xcode:7.2:*:*:*:*:*:*:*
xcode
Version:
4.2
CPE:
cpe:2.3:a:apple:xcode:4.2:*:*:*:*:*:*:*
xcode
Version:
8.0
CPE:
cpe:2.3:a:apple:xcode:8.0:*:*:*:*:*:*:*
xcode
Version:
4.3.3
CPE:
cpe:2.3:a:apple:xcode:4.3.3:*:*:*:*:*:*:*
xcode
Version:
7.1.1
CPE:
cpe:2.3:a:apple:xcode:7.1.1:*:*:*:*:*:*:*
xcode
Version:
5.1
CPE:
cpe:2.3:a:apple:xcode:5.1:*:*:*:*:*:*:*
xcode
Version:
11.0
CPE:
cpe:2.3:a:apple:xcode:11.0:*:*:*:*:*:*:*
xcode
Version:
4.6.3
CPE:
cpe:2.3:a:apple:xcode:4.6.3:*:*:*:*:*:*:*
xcode
Version:
2.3.0
CPE:
cpe:2.3:a:apple:xcode:2.3.0:*:*:*:*:*:*:*
xcode
Version:
6.1
CPE:
cpe:2.3:a:apple:xcode:6.1:*:*:*:*:*:*:*
xcode
Version:
4.3.2
CPE:
cpe:2.3:a:apple:xcode:4.3.2:*:*:*:*:*:*:*
xcode
Version:
11.2
CPE:
cpe:2.3:a:apple:xcode:11.2:*:*:*:*:*:*:*
xcode
Version:
6.3.1
CPE:
cpe:2.3:a:apple:xcode:6.3.1:*:*:*:*:*:*:*
xcode
Version:
2.0.0
CPE:
cpe:2.3:a:apple:xcode:2.0.0:*:*:*:*:*:*:*
xcode
Version:
2.4.0
CPE:
cpe:2.3:a:apple:xcode:2.4.0:*:*:*:*:*:*:*
xcode
Version:
9.0
CPE:
cpe:2.3:a:apple:xcode:9.0:*:*:*:*:*:*:*
xcode
Version:
9.3.1
CPE:
cpe:2.3:a:apple:xcode:9.3.1:*:*:*:*:*:*:*
xcode
Version:
6.3
CPE:
cpe:2.3:a:apple:xcode:6.3:*:*:*:*:*:*:*
xcode
Version:
3.2.2
CPE:
cpe:2.3:a:apple:xcode:3.2.2:*:*:*:*:*:*:*
xcode
Version:
2.1.0
CPE:
cpe:2.3:a:apple:xcode:2.1.0:*:*:*:*:*:*:*
xcode
Version:
3.2.1
CPE:
cpe:2.3:a:apple:xcode:3.2.1:*:*:*:*:*:*:*
xcode
Version:
3.2.4
CPE:
cpe:2.3:a:apple:xcode:3.2.4:*:*:*:*:*:*:*
xcode
Version:
4.3.1
CPE:
cpe:2.3:a:apple:xcode:4.3.1:*:*:*:*:*:*:*
xcode
Version:
7.0
CPE:
cpe:2.3:a:apple:xcode:7.0:*:*:*:*:*:*:*
xcode
Version:
7.3.1
CPE:
cpe:2.3:a:apple:xcode:7.3.1:*:*:*:*:*:*:*
xcode
Version:
8.3.1
CPE:
cpe:2.3:a:apple:xcode:8.3.1:*:*:*:*:*:*:*
xcode
Version:
3.2.3
CPE:
cpe:2.3:a:apple:xcode:3.2.3:*:*:*:*:*:*:*
xcode
Version:
5.0.1
CPE:
cpe:2.3:a:apple:xcode:5.0.1:*:*:*:*:*:*:*
xcode
Version:
5.0.2
CPE:
cpe:2.3:a:apple:xcode:5.0.2:*:*:*:*:*:*:*
xcode
Version:
3.1.3
CPE:
cpe:2.3:a:apple:xcode:3.1.3:*:*:*:*:*:*:*
xcode
Version:
7.0.1
CPE:
cpe:2.3:a:apple:xcode:7.0.1:*:*:*:*:*:*:*
xcode
Version:
6.0
CPE:
cpe:2.3:a:apple:xcode:6.0:*:*:*:*:*:*:*
xcode
Version:
10
CPE:
cpe:2.3:a:apple:xcode:10:*:*:*:*:*:*:*
xcode
Version:
5.1.1
CPE:
cpe:2.3:a:apple:xcode:5.1.1:*:*:*:*:*:*:*
xcode
Version:
9.0.1
CPE:
cpe:2.3:a:apple:xcode:9.0.1:*:*:*:*:*:*:*
xcode
Version:
4.6.2
CPE:
cpe:2.3:a:apple:xcode:4.6.2:*:*:*:*:*:*:*
xcode
Version:
11.3
CPE:
cpe:2.3:a:apple:xcode:11.3:*:*:*:*:*:*:*
xcode
Version:
4.6.1
CPE:
cpe:2.3:a:apple:xcode:4.6.1:*:*:*:*:*:*:*
xcode
Version:
8.2
CPE:
cpe:2.3:a:apple:xcode:8.2:*:*:*:*:*:*:*
xcode
Version:
6.3.2
CPE:
cpe:2.3:a:apple:xcode:6.3.2:*:*:*:*:*:*:*
xcode
Version:
12.5
CPE:
cpe:2.3:a:apple:xcode:12.5:*:*:*:*:*:*:*
xcode
Version:
3.1.2
CPE:
cpe:2.3:a:apple:xcode:3.1.2:*:*:*:*:*:*:*
xcode
Version:
12.0
CPE:
cpe:2.3:a:apple:xcode:12.0:*:*:*:*:*:*:*
xcode
Version:
9.3
CPE:
cpe:2.3:a:apple:xcode:9.3:*:*:*:*:*:*:*
xcode
Version:
4.2.1
CPE:
cpe:2.3:a:apple:xcode:4.2.1:*:*:*:*:*:*:*
xcode
Version:
4.4.1
CPE:
cpe:2.3:a:apple:xcode:4.4.1:*:*:*:*:*:*:*
xcode
Version:
4.3
CPE:
cpe:2.3:a:apple:xcode:4.3:*:*:*:*:*:*:*
xcode
Version:
12.5.1
CPE:
cpe:2.3:a:apple:xcode:12.5.1:*:*:*:*:*:*:*
xcode
Version:
4.5.2
CPE:
cpe:2.3:a:apple:xcode:4.5.2:*:*:*:*:*:*:*
xcode
Version:
4.5
CPE:
cpe:2.3:a:apple:xcode:4.5:*:*:*:*:*:*:*
xcode
Version:
3.1
CPE:
cpe:2.3:a:apple:xcode:3.1:*:*:*:*:*:*:*
xcode
Version:
4.1.1
CPE:
cpe:2.3:a:apple:xcode:4.1.1:*:*:*:*:*:*:*
xcode
Version:
6.2
CPE:
cpe:2.3:a:apple:xcode:6.2:beta_2:*:*:*:*:*:*
xcode
Version:
2.2.0
CPE:
cpe:2.3:a:apple:xcode:2.2.0:*:*:*:*:*:*:*
xcode
Version:
4.5.1
CPE:
cpe:2.3:a:apple:xcode:4.5.1:*:*:*:*:*:*:*
xcode
Version:
9.4
CPE:
cpe:2.3:a:apple:xcode:9.4:*:*:*:*:*:*:*
xcode
Version:
4.4
CPE:
cpe:2.3:a:apple:xcode:4.4:*:*:*:*:*:*:*
xcode
Version:
9.4.1
CPE:
cpe:2.3:a:apple:xcode:9.4.1:*:*:*:*:*:*:*
xcode
Version:
8.3.3
CPE:
cpe:2.3:a:apple:xcode:8.3.3:*:*:*:*:*:*:*
xcode
Version:
2.4.1
CPE:
cpe:2.3:a:apple:xcode:2.4.1:*:*:*:*:*:*:*
xcode
Version:
7.2.1
CPE:
cpe:2.3:a:apple:xcode:7.2.1:*:*:*:*:*:*:*
xcode
Version:
8.3
CPE:
cpe:2.3:a:apple:xcode:8.3:*:*:*:*:*:*:*
xcode
Version:
9.2
CPE:
cpe:2.3:a:apple:xcode:9.2:*:*:*:*:*:*:*
xcode
Version:
3.2.5
CPE:
cpe:2.3:a:apple:xcode:3.2.5:*:*:*:*:*:*:*
xcode
Version:
4.1
CPE:
cpe:2.3:a:apple:xcode:4.1:*:*:*:*:*:*:*
xcode
Version:
5.0
CPE:
cpe:2.3:a:apple:xcode:5.0:*:*:*:*:*:*:*
xcode
Version:
9.1
CPE:
cpe:2.3:a:apple:xcode:9.1:*:*:*:*:*:*:*
xcode
Version:
6.4
CPE:
cpe:2.3:a:apple:xcode:6.4:*:*:*:*:*:*:*
xcode
Version:
8.1
CPE:
cpe:2.3:a:apple:xcode:8.1:*:*:*:*:*:*:*
xcode
Version:
8.2.1
CPE:
cpe:2.3:a:apple:xcode:8.2.1:*:*:*:*:*:*:*
xcode
Version:
8.3.2
CPE:
cpe:2.3:a:apple:xcode:8.3.2:*:*:*:*:*:*:*
xcode
Version:
6.0.1
CPE:
cpe:2.3:a:apple:xcode:6.0.1:*:*:*:*:*:*:*
xcode
Version:
4.0.2
CPE:
cpe:2.3:a:apple:xcode:4.0.2:*:*:*:*:*:*:*
xcode
Version:
3.1.4
CPE:
cpe:2.3:a:apple:xcode:3.1.4:*:*:*:*:*:*:*
xcode
Version:
12.4
CPE:
cpe:2.3:a:apple:xcode:12.4:*:*:*:*:*:*:*
ubuntu_linux
Version:
14.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
ubuntu_linux
Version:
16.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*
ubuntu_linux
Version:
18.04
CPE:
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
ubuntu_linux
Version:
18.10
CPE:
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
debian_linux
Version:
8.0
CPE:
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debian_linux
Version:
9.0
CPE:
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
leap
Version:
15.1
CPE:
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
This vulnerability affects 90 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.htmlsecalert@redhat.com Mailing List Third Party Advisory
-
http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.htmlsecalert@redhat.com Mailing List Patch Vendor Advisory
-
http://seclists.org/fulldisclosure/2021/Sep/36secalert@redhat.com Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/105868secalert@redhat.com Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1042039secalert@redhat.com Third Party Advisory VDB Entry
-
https://access.redhat.com/errata/RHSA-2018:3652secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3653secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3680secalert@redhat.com Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3681secalert@redhat.com Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845secalert@redhat.com Issue Tracking Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/11/msg00010.htmlsecalert@redhat.com Mailing List Third Party Advisory
-
https://support.apple.com/kb/HT212818secalert@redhat.com Third Party Advisory
-
https://usn.ubuntu.com/3812-1/secalert@redhat.com Patch Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4335secalert@redhat.com Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Patch Vendor Advisory
-
http://seclists.org/fulldisclosure/2021/Sep/36af854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/105868af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
http://www.securitytracker.com/id/1042039af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://access.redhat.com/errata/RHSA-2018:3652af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3653af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3680af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3681af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2018/11/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
https://support.apple.com/kb/HT212818af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
https://usn.ubuntu.com/3812-1/af854a3a-2127-422b-91ae-364da2661108 Patch Third Party Advisory
-
https://www.debian.org/security/2018/dsa-4335af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
Severity Details
6.1
out of 10.0
Medium
Weakness Type (CWE)
CWE-400
Uncontrolled Resource Consumption
- Description
- The product does not properly control the allocation and maintenance of a limited resource.
- Exploit Likelihood
- High
- Typical Severity
- High
- Abstraction Level
- Class
Key Information
- Published Date
- November 07, 2018
