Nginx NJS 0.7.5 njs_value_conversion.h njs_value_to_number memory corruption

A vulnerability, which was classified as critical, was found in Nginx NJS 0.7.5 (Web Server). Affected is the function njs_value_to_number of the file src/njs_value_conversion.h. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field07/19/2022 10:00 AM08/06/2022 10:59 AM
vendorNginxNginx
nameNJSNJS
version0.7.50.7.5
filesrc/njs_value_conversion.hsrc/njs_value_conversion.h
functionnjs_value_to_numbernjs_value_to_number
cwe119 (memory corruption)119 (memory corruption)
risk22
cvss3_vuldb_acLL
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rcCC
identifier523523
urlhttps://github.com/nginx/njs/issues/523https://github.com/nginx/njs/issues/523
cveCVE-2022-34031CVE-2022-34031
cve_assigned1655676000 (06/20/2022)1655676000 (06/20/2022)
cve_nvd_summaryNginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.
date1658181600 (07/19/2022)1658181600 (07/19/2022)
typeWeb ServerWeb Server
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_avAA
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss3_vuldb_avAA
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss2_vuldb_basescore5.25.2
cvss2_vuldb_tempscore5.25.2
cvss3_vuldb_basescore5.55.5
cvss3_vuldb_tempscore5.55.5
cvss3_meta_basescore5.56.5
cvss3_meta_tempscore5.56.5
price_0day$0-$5k$0-$5k
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss3_nvd_basescore7.5

Do you need the next level of professionalism?

Upgrade your account now!