Allele Security Alert
Infinite loop in a worker process
nginx 1.1.3+, 1.0.7+
nginx 1.15.6, 1.14.1
Proof of concept
A security issue was identified in the ngx_http_mp4_module, which might allow an attacker to cause an infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file.
The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the “mp4” directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.
The ngx_http_mp4_read_atom() function in ngx_http_mp4_module.c does not check that atom_size in a 64-bit atom of an mp4 file is not below the minimum value atom_header_size, which is 16 for 64-bit atoms. When atom_header_size is subtracted from atom_size, the result may underflow and cause various issues: infinite loops (when the size is 0), crashes, or memory disclosure.
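The following added example (not nginx source code and not part of the original alert) shows the arithmetic described above: the unsigned subtraction wrapping when atom_size is below atom_header_size, and a header parser that rejects such atoms before subtracting. The function names, return codes and sample byte arrays are hypothetical and constructed for illustration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { ATOM_OK = 0, ATOM_TRUNCATED = -1, ATOM_TOO_SMALL = -2, ATOM_TOO_LARGE = -3 };

/* Read an n-byte big-endian integer. */
static uint64_t be_read(const uint8_t *p, int n) {
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | *p++;
    return v;
}

/* The subtraction with no prior check: unsigned arithmetic wraps around. */
uint64_t payload_unchecked(uint64_t atom_size, uint64_t atom_header_size) {
    return atom_size - atom_header_size;
}

/* Parse the atom header at buf[0..len) and validate it before subtracting.
 * Simplification: a 32-bit size of 0 ("atom runs to end of file") is rejected. */
int atom_payload_size(const uint8_t *buf, size_t len, uint64_t *payload) {
    uint64_t atom_size, atom_header_size = 8;    /* 32-bit size + 4-byte type */

    if (len < 8) return ATOM_TRUNCATED;
    atom_size = be_read(buf, 4);
    if (atom_size == 1) {                        /* 64-bit atom: size follows type */
        atom_header_size = 16;
        if (len < 16) return ATOM_TRUNCATED;
        atom_size = be_read(buf + 8, 8);
    }
    if (atom_size < atom_header_size) return ATOM_TOO_SMALL;  /* the missing check */
    if (atom_size > len) return ATOM_TOO_LARGE;  /* claims more than is present */
    *payload = atom_size - atom_header_size;     /* cannot wrap now */
    return ATOM_OK;
}

/* Constructed sample headers: 64-bit atoms with size 0 and with size 20. */
const uint8_t sample_zero64[16]  = {0,0,0,1,'m','d','a','t', 0,0,0,0,0,0,0,0};
const uint8_t sample_valid64[20] = {0,0,0,1,'f','r','e','e', 0,0,0,0,0,0,0,20, 1,2,3,4};

int main(void) {
    uint64_t n = 0;
    printf("unchecked: %" PRIu64 "\n", payload_unchecked(0, 16));
    printf("size 0:    %d\n", atom_payload_size(sample_zero64, sizeof sample_zero64, &n));
    printf("size 20:   %d\n", atom_payload_size(sample_valid64, sizeof sample_valid64, &n));
    return 0;
}
```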
[nginx-announce] nginx security advisory (CVE-2018-16845)
nginx security advisories
Last modified: February 6, 2019