Segmentation Violation in Nginx NJS Affects Specific Versions
CVE-2022-43284

7.5HIGH

Key Information:

Vendor: F5
Status: Njs
Vendor: CVE Published:; 28 October 2022

What is CVE-2022-43284?

A segmentation violation has been identified in Nginx NJS versions 0.7.2 through 0.7.4 due to a flaw in the njs_scope_valid_value function at njs_scope.h. Although the vendor, Nginx, asserts that this report's implications are minimal since NJS does not handle untrusted input, users should still remain vigilant in reviewing their implementations and consider upgrading to the latest version for improved security.

References

https://github.com/nginx/njs/issues/470

https://github.com/nginx/njs/issues/529

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2022
Vulnerability Reserved
Oct 17, 2022

F5

What is CVE-2022-43284?

References

CVSS V3.1

Timeline