Nginx NJS 0.7.4 njs_scope.h njs_scope_value out-of-bounds

A vulnerability classified as problematic was found in Nginx NJS 0.7.4 (Web Server). This vulnerability affects the function njs_scope_value of the file njs_scope.h. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field07/19/2022 09:58 AM08/06/2022 10:48 AM
vendorNginxNginx
nameNJSNJS
version0.7.40.7.4
filenjs_scope.hnjs_scope.h
functionnjs_scope_valuenjs_scope_value
cwe125 (out-of-bounds)125 (out-of-bounds)
risk11
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_vuldb_rcCC
identifier506506
urlhttps://github.com/nginx/njs/issues/506https://github.com/nginx/njs/issues/506
cveCVE-2022-34029CVE-2022-34029
cve_assigned1655676000 (06/20/2022)1655676000 (06/20/2022)
cve_nvd_summaryNginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.
date1658181600 (07/19/2022)1658181600 (07/19/2022)
typeWeb ServerWeb Server
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_vuldb_rcCC
cvss2_vuldb_avAA
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss3_vuldb_avAA
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss2_vuldb_basescore2.32.3
cvss2_vuldb_tempscore2.32.3
cvss3_vuldb_basescore3.53.5
cvss3_vuldb_tempscore3.53.5
cvss3_meta_basescore3.56.3
cvss3_meta_tempscore3.56.3
price_0day$0-$5k$0-$5k
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aH
cvss3_nvd_basescore9.1

Interested in the pricing of exploits?

See the underground prices here!