How severe is CVE-2018-16845?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2018-16845?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2018-16845 - HIGH Severity | CVSS 8.2

Vulnerability Description

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

Related Vulnerabilities

CVE-2016-10524

HIGH

CVSS:8.2(High)

i18n-node-angular is a module used to interact between i18n and angular without using additional resources. A REST API endpoint that is used for development in i18n-node-angular before 1.4.0 was not d...

CWE-4002016

CVE-2019-9583

HIGH

CVSS:8.2(High)

eQ-3 Homematic CCU2 and CCU3 obtain session IDs without login. This allows a Denial of Service and is a starting point for other attacks. Affected versions for CCU2: 2.35.16, 2.41.5, 2.41.8, 2.41.9, 2...

CWE-4002019

CVE-2020-7587

HIGH

CVSS:8.2(High)

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcente...

CWE-4002020

CVE-2021-47023

HIGH

CVSS:8.2(High)

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix port event handling on init For some reason there might be a crash during ports creation if port events ...

CWE-4002021

CVE-2024-38616

HIGH

CVSS:8.2(High)

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: re-fix fortified-memset warning The carl9170_tx_release() function sometimes triggers a fortified-memset warning in ...

CWE-4002024

CVE-2021-38463

HIGH

CVSS:8.1(High)

The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions.

CWE-4002021