Details of VAR-202210-1828

ID

VAR-202210-1828

CVE

CVE-2022-41743

TITLE

Multiple F5 product Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202210-1451

DESCRIPTION

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module. F5 BIG-IP and so on are all products of F5 Company in the United States. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. F5 F5OS-A is an operating system software

Trust: 0.99

sources: NVD: CVE-2022-41743 // VULHUB: VHN-429543

AFFECTED PRODUCTS

vendor:	f5	model:	nginx ingress controller	scope:	lte	version:	2.4.0	Trust: 1.0
vendor:	f5	model:	nginx ingress controller	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	f5	model:	nginx ingress controller	scope:	gte	version:	1.9.0	Trust: 1.0
vendor:	f5	model:	nginx plus	scope:	lte	version:	r27	Trust: 1.0
vendor:	f5	model:	nginx ingress controller	scope:	lte	version:	1.12.4	Trust: 1.0
vendor:	f5	model:	nginx plus	scope:	gte	version:	r22	Trust: 1.0

sources: NVD: CVE-2022-41743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-41743
value:	HIGH
Trust: 1.0
f5sirt@f5.com:	CVE-2022-41743
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202210-1451
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-41743
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNNVD: CNNVD-202210-1451 // NVD: CVE-2022-41743 // NVD: CVE-2022-41743

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-429543 // NVD: CVE-2022-41743

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202210-1451

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202210-1451

PATCH

title:

Multiple F5 product Buffer error vulnerability fix

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=211715

Trust: 0.6

sources: CNNVD: CNNVD-202210-1451

EXTERNAL IDS

db:	NVD	id:	CVE-2022-41743	Trust: 1.7
db:	CNNVD	id:	CNNVD-202210-1451	Trust: 0.7
db:	VULHUB	id:	VHN-429543	Trust: 0.1

sources: VULHUB: VHN-429543 // CNNVD: CNNVD-202210-1451 // NVD: CVE-2022-41743

REFERENCES

url:	https://support.f5.com/csp/article/k01112063	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2022-41743/	Trust: 0.6

sources: VULHUB: VHN-429543 // CNNVD: CNNVD-202210-1451 // NVD: CVE-2022-41743

SOURCES

db:	VULHUB	id:	VHN-429543
db:	CNNVD	id:	CNNVD-202210-1451
db:	NVD	id:	CVE-2022-41743

LAST UPDATE DATE

2024-08-14T13:21:35.093000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-429543	date:	2022-10-23T00:00:00
db:	CNNVD	id:	CNNVD-202210-1451	date:	2022-10-24T00:00:00
db:	NVD	id:	CVE-2022-41743	date:	2022-10-23T02:12:34.347

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-429543	date:	2022-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202210-1451	date:	2022-10-19T00:00:00
db:	NVD	id:	CVE-2022-41743	date:	2022-10-19T22:15:12.807