Skip to main content

Njs CVE-2022-34029

CRITICAL
Out-of-bounds Read (CWE-125)
2022-07-18 cve@mitre.org
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 18, 2022 - 21:15 nvd
CRITICAL 9.1

DescriptionNVD

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

AnalysisAI

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Affected products include: F5 Njs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Njs

View all
CVE-2022-43286 CRITICAL POC
9.8 Oct 28

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_j

CVE-2022-29379 CRITICAL POC
9.8 May 25

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/nj

CVE-2022-27007 CRITICAL POC
9.8 Apr 14

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a resto

CVE-2019-13067 CRITICAL POC
9.8 Jun 30

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical severity (

CVE-2019-12208 CRITICAL POC
9.8 May 20

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. Ra

CVE-2019-12207 CRITICAL POC
9.8 May 20

njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. Rated critical

CVE-2019-12206 CRITICAL POC
9.8 May 20

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. Rated critical seve

CVE-2019-11839 CRITICAL POC
9.8 May 09

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to nj

CVE-2019-11838 CRITICAL POC
9.8 May 09

njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to

CVE-2020-24346 HIGH POC
7.8 Aug 13

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. Rated high severit

CVE-2023-27730 HIGH POC
7.5 Apr 09

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.

CVE-2023-27728 HIGH POC
7.5 Apr 09

Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_v

Share

CVE-2022-34029 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy