Segmentation Violation in Nginx NJS Open Source Software
CVE-2022-31306

5.5MEDIUM

Key Information:

Vendor: F5
Status: Njs
Vendor: CVE Published:; 21 June 2022

Summary

A segmentation violation has been identified in Nginx NJS version 0.7.2. This vulnerability occurs within the function njs_array_convert_to_slow_array located in src/njs_array.c. It poses an issue when arrays are being processed, potentially allowing for disruptions during execution. Developers and users should be aware of this vulnerability to ensure appropriate security measures are in place.

References

https://github.com/nginx/njs/issues/481

x_refsource_MISC

https://github.com/nginx/njs/commit/81af26364c21c196dd21f...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2022
Vulnerability Reserved
May 23, 2022