What is CVE-2012-2089?

CVE-2012-2089 is a vulnerability in F5 Nginx, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2012-04-17.

Is CVE-2012-2089 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in F5 Nginx

CVE-2012-2089

Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or p…

Vulnerability class: Buffer Overflow

EPSS: 0.053 (90.2th percentile) — read the EPSS interpretation.

Affected products

F5 Nginx
Fedoraproject Fedora — versions 15, 16, 17
N/a — versions n/a

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

Public proof-of-concept exploits

References

nginx-ngxhttpmp4module-bo(74831) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
1026924 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
FEDORA-2012-6371 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
FEDORA-2012-6411 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
52999 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
[oss-security] 20120412 nginx security advisory: mp4 module vulnerability, CVE-2012-2089 (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
FEDORA-2012-6238 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2012-2089?: CVE-2012-2089 is a vulnerability in F5 Nginx, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2012-04-17.
Is CVE-2012-2089 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.