ID

VAR-202210-1828


CVE

CVE-2022-41743


TITLE

Multiple F5 product Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1451

DESCRIPTION

NGINX Plus versions before R27 P1 and R26 P1 have a vulnerability in the ngx_http_hls_module module that might allow a local attacker to corrupt NGINX worker memory using a specially crafted audio or video file, resulting in a crash or potential other impact. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the ngx_http_hls_module module. F5 BIG-IP and related products are all made by F5, a company in the United States. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. F5 F5OS-A is an operating system software

Trust: 0.99

sources: NVD: CVE-2022-41743 // VULHUB: VHN-429543

AFFECTED PRODUCTS

vendor: f5, model: nginx ingress controller, scope: lte, version: 2.4.0

Trust: 1.0

vendor: f5, model: nginx ingress controller, scope: gte, version: 2.0.0

Trust: 1.0

vendor: f5, model: nginx ingress controller, scope: gte, version: 1.9.0

Trust: 1.0

vendor: f5, model: nginx plus, scope: lte, version: r27

Trust: 1.0

vendor: f5, model: nginx ingress controller, scope: lte, version: 1.12.4

Trust: 1.0

vendor: f5, model: nginx plus, scope: gte, version: r22

Trust: 1.0

sources: NVD: CVE-2022-41743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-41743
value: HIGH

Trust: 1.0

f5sirt@f5.com: CVE-2022-41743
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202210-1451
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-41743
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202210-1451 // NVD: CVE-2022-41743 // NVD: CVE-2022-41743

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

sources: VULHUB: VHN-429543 // NVD: CVE-2022-41743

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1451

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1451

PATCH

title: Multiple F5 product Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=211715

Trust: 0.6

sources: CNNVD: CNNVD-202210-1451

EXTERNAL IDS

db: NVD, id: CVE-2022-41743

Trust: 1.7

db: CNNVD, id: CNNVD-202210-1451

Trust: 0.7

db: VULHUB, id: VHN-429543

Trust: 0.1

sources: VULHUB: VHN-429543 // CNNVD: CNNVD-202210-1451 // NVD: CVE-2022-41743

REFERENCES

url: https://support.f5.com/csp/article/k01112063

Trust: 1.7

url: https://cxsecurity.com/cveshow/cve-2022-41743/

Trust: 0.6

sources: VULHUB: VHN-429543 // CNNVD: CNNVD-202210-1451 // NVD: CVE-2022-41743

SOURCES

db: VULHUB, id: VHN-429543
db: CNNVD, id: CNNVD-202210-1451
db: NVD, id: CVE-2022-41743

LAST UPDATE DATE

2024-08-14T13:21:35.093000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-429543, date: 2022-10-23T00:00:00
db: CNNVD, id: CNNVD-202210-1451, date: 2022-10-24T00:00:00
db: NVD, id: CVE-2022-41743, date: 2022-10-23T02:12:34.347

SOURCES RELEASE DATE

db: VULHUB, id: VHN-429543, date: 2022-10-19T00:00:00
db: CNNVD, id: CNNVD-202210-1451, date: 2022-10-19T00:00:00
db: NVD, id: CVE-2022-41743, date: 2022-10-19T22:15:12.807