Segmentation Violation in Nginx NJS Affects Web Performance
CVE-2022-29369

7.5HIGH

Key Information:

Vendor: F5
Status: Njs
Vendor: CVE Published:; 12 May 2022

What is CVE-2022-29369?

The Nginx NJS framework version 0.7.2 has been identified to exhibit a segmentation violation through the function njs_lvlhsh_bucket_find within the njs_lvlhsh.c file. This vulnerability can lead to unexpected behavior, and potentially impact the stability and performance of web applications utilizing this version. Developers and systems administrators are urged to review their implementations and apply necessary updates or mitigations to safeguard against potential exploitation.

References

https://github.com/nginx/njs/issues/467

x_refsource_MISC

https://github.com/nginx/njs/commit/222d6fdcf0c6485ec8e17...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2022
Vulnerability Reserved
Apr 16, 2022

F5

What is CVE-2022-29369?

References

CVSS V3.1

Timeline