Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-66278

CVE-2024-7347 in Nginx versions 1.5 until 1.26.2

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • rhel-8.10, CentOS Stream 9, rhel-9.4
    • nginx
    • No
    • None
    • rhel-sst-cs-stacks
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • All
    • None

      Nginx versions 1.5.13 up to (excluding) 1.26.2 contain the following security vulnerability. 

       

      Security: processing of a specially crafted mp4 file by the
             ngx_http_mp4_module might cause a worker process crash
             (CVE-2024-7347).

       

      RHEL 8+, CentOS Stream 9+ including Application Streams contain vulnerable versions.

              luhliari@redhat.com Lubos Uhliarik
              pim_lemonbit Pim Rupert
              Lubos Uhliarik Lubos Uhliarik
              rhel-cs-infra-services-qe rhel-cs-infra-services-qe rhel-cs-infra-services-qe rhel-cs-infra-services-qe
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: