Miggo Logo
Miggo Vulnerability Database
CVE-2024-7347

CVE-2024-7347: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might...

4.7

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-7347
GHSA ID
GHSA-3r23-64c4-mj87
EPSS Score
0.29597%
CWE
CWE-125
Published
8/14/2024
Updated
1/22/2025
KEV Status
No
Technology
-

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability lies in the ngx_http_mp4_module.c file, specifically within the ngx_http_mp4_crop_stsc_data function. The provided patch clearly shows modifications to this function to prevent an integer overflow. The change in the data type of the variable n from uint32_t to uint64_t and the explicit cast during multiplication (uint64_t) (next_chunk - chunk) * samples are direct evidence of fixing an integer overflow vulnerability. This overflow could lead to an incorrect calculation of sample counts or offsets, resulting in an out-of-bounds read when processing a malicious MP4 file, as described in the vulnerability report. The function processes MP4 file metadata ('stsc' atom, which stands for Sample-To-Chunk), and an error here could lead to reading beyond allocated buffer boundaries.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

N*INX Op*n Sour** *n* N*INX Plus **v* * vuln*r**ility in t** n*x_*ttp_mp*_mo*ul*, w*i** mi**t *llow *n *tt**k*r to ov*r-r*** N*INX work*r m*mory r*sultin* in its t*rmin*tion, usin* * sp**i*lly *r**t** mp* *il*. T** issu* only *****ts N*INX i* it is *

Reasoning

T** vuln*r**ility li*s in t** `n*x_*ttp_mp*_mo*ul*.*` *il*, sp**i*i**lly wit*in t** `n*x_*ttp_mp*_*rop_sts*_**t*` *un*tion. T** provi*** p*t** *l**rly s*ows mo*i*i**tions to t*is *un*tion to pr*v*nt *n int***r ov*r*low. T** ***n** in t** **t* typ* o*