NULL Pointer Dereference in NGINX NJS Affecting Multiple Versions
CVE-2022-28049

5.5MEDIUM

Key Information:

Vendor

F5
Status
Njs
Vendor
CVE Published:
15 April 2022

What is CVE-2022-28049?

A vulnerability has been identified in NGINX NJS 0.7.2 that allows for a NULL pointer dereference through the njs_vmcode_array component located at /src/njs_vmcode.c. This flaw may lead to unexpected behavior or crashes in applications using this library, making it essential for developers and system administrators to apply available updates or patches to mitigate potential risks. For more details, check the advisory links provided.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/nginx/njs/issues/473
x_refsource_MISC
https://github.com/nginx/njs/commit/f65981b0b8fcf02d69a40...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220519-0008/
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.