Nginx NJS 0.7.5 src/njs_value.c njs_value_own_enumerate memory corruption

A vulnerability has been found in Nginx NJS 0.7.5 (Web Server) and classified as critical. Affected by this vulnerability is the function njs_value_own_enumerate of the file src/njs_value.c. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field07/19/2022 10:00 AM08/06/2022 11:05 AM
vendorNginxNginx
nameNJSNJS
version0.7.50.7.5
filesrc/njs_value.csrc/njs_value.c
functionnjs_value_own_enumeratenjs_value_own_enumerate
cwe119 (memory corruption)119 (memory corruption)
risk22
cvss3_vuldb_acLL
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rcCC
identifier524524
urlhttps://github.com/nginx/njs/issues/524https://github.com/nginx/njs/issues/524
cveCVE-2022-34032CVE-2022-34032
cve_assigned1655676000 (06/20/2022)1655676000 (06/20/2022)
cve_nvd_summaryNginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
date1658181600 (07/19/2022)1658181600 (07/19/2022)
typeWeb ServerWeb Server
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_avAA
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss3_vuldb_avAA
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss2_vuldb_basescore5.25.2
cvss2_vuldb_tempscore5.25.2
cvss3_vuldb_basescore5.55.5
cvss3_vuldb_tempscore5.55.5
cvss3_meta_basescore5.56.5
cvss3_meta_tempscore5.56.5
price_0day$0-$5k$0-$5k
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss3_nvd_basescore7.5

Do you need the next level of professionalism?

Upgrade your account now!