Vulnerabilities > CVE-2022-29379 - Out-of-bounds Write vulnerability in F5 NJS 0.7.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release
Common Weakness Enumeration (CWE)
References
- https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1
- https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1
- https://github.com/nginx/njs/issues/491
- https://github.com/nginx/njs/issues/491
- https://github.com/nginx/njs/issues/493
- https://github.com/nginx/njs/issues/493