Vulnerabilities > CVE-2022-29379 - Out-of-bounds Write vulnerability in F5 NJS 0.7.3

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

CWE-787

critical

NVD

Published: 2022-05-25

Updated: 2024-04-11

Summary

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 NJS 0.7.3	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/nginx/njs/issues/493
https://github.com/nginx/njs/issues/491
https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1