NULL Pointer Dereference in NGINX NJS Affecting Multiple Versions
CVE-2022-28049

5.5MEDIUM

Key Information:

Vendor
F5
Status
Njs
Vendor
CVE Published:
15 April 2022

Summary

A vulnerability has been identified in NGINX NJS 0.7.2 that allows for a NULL pointer dereference through the njs_vmcode_array component located at /src/njs_vmcode.c. This flaw may lead to unexpected behavior or crashes in applications using this library, making it essential for developers and system administrators to apply available updates or patches to mitigate potential risks. For more details, check the advisory links provided.

References

https://github.com/nginx/njs/issues/473
x_refsource_MISC
https://github.com/nginx/njs/commit/f65981b0b8fcf02d69a40...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220519-0008/
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.