May 17, 2022 at 09:47AM

Proof-of-concept exploit release: nginx mp4 module DoS & Infoleak Vulnerability (2018) by @alisaesage.

Proof-of-concept exploit that demonstrates an out of bounds read in nginx v1.15.5 heap. This can be worked up to an information disclosure exploit with a bit of extra work. The bug itself, and potentially the exploit, affects earlier nginx versions to some extent.

https://zerodayengineering.com/exploits/nginx-mp4-infoleak.html

https://t.me/cKure/11351