Use-after-free Vulnerability in nginx njs by Nginx
CVE-2022-27007
9.8CRITICAL
Summary
The nginx njs engine version 0.7.2 is vulnerable to a use-after-free issue in the njs_function_frame_alloc()
function. This vulnerability can be exploited when invoking a function from a restored frame that was previously saved using njs_function_frame_save()
. Attackers could potentially leverage this flaw to disrupt service or execute arbitrary code by manipulating function frames.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved