Allele Security Alert
ASA-2018-00032
Identifier(s)
ASA-2018-00032, CVE-2018-16845
Title
Infinite loop in a worker process
Vendor(s)
NGINX, Inc
Product(s)
nginx
Affected version(s)
nginx 1.1.3+, 1.0.7+
Fixed version(s)
nginx 1.15.6, 1.14.1
Proof of concept
Unknown
Description
A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.
The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the “mp4” directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
Technical details
The ngx_http_mp4_read_atom() function in ngx_http_mp4_module.c does not validate atom_size in a 64-bit atom of an mp4 file against the minimum value atom_header_size, which is 16 for 64-bit atoms. When atom_header_size is subtracted from atom_size, the result may underflow and cause various issues: infinite loops (when the size is 0), crashes, or memory disclosure.
Credits
Unknown
Reference(s)
[nginx-announce] nginx security advisory (CVE-2018-16845)
https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html
patch.2018.mp4.txt
https://nginx.org/download/patch.2018.mp4.txt
nginx security advisories
https://nginx.org/en/security_advisories.html
CVE-2018-16845
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845
CVE-2018-16845
https://nvd.nist.gov/vuln/detail/CVE-2018-16845
Last modified: February 6, 2019