Stack Overflow Vulnerability in Nginx NJS by Nginx
CVE-2022-29379

9.8CRITICAL

Key Information:

Vendor

F5
Status
Njs
Vendor
CVE Published:
25 May 2022

What is CVE-2022-29379?

A stack overflow vulnerability was identified in the Nginx NJS module version 0.7.3, specifically within the njs_default_module_loader function found in the njs_module.c source file. This flaw can potentially lead to unexpected behavior during execution. It is important to note that there is contention regarding the validity of the reported behavior, with multiple third-party sources indicating that it may occur exclusively in unreleased development code and not in stable versions 0.7.2, 0.7.3, or 0.7.4.

References

https://github.com/nginx/njs/issues/491
x_refsource_MISC
https://github.com/nginx/njs/issues/493
x_refsource_MISC
https://github.com/nginx/njs/commit/ab1702c7af9959366a5dd...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.