Nginx NJS Vulnerability in Version 0.7.10
CVE-2023-27729

7.5HIGH

Key Information:

Vendor: F5
Status: Njs
Vendor: CVE Published:; 9 April 2023

What is CVE-2023-27729?

A vulnerability has been identified in Nginx NJS version 0.7.10, related to an illegal memcpy operation within the njs_vmcode_return function located in src/njs_vmcode.c. This flaw can have serious implications on data handling, potentially leading to unexpected behavior or unauthorized access. Immediate attention to this issue is suggested for users of the affected version to prevent exploitation.

References

https://github.com/nginx/njs/issues/619

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2023
Vulnerability Reserved
Mar 5, 2023

F5

What is CVE-2023-27729?

References

CVSS V3.1

Timeline