Lucene search

GoogleOSV:CVE-2019-13617

HistoryJul 16, 2019 - 5:15 p.m.

CVE-2019-13617

2019-07-1617:15:12

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.

CPENameOperatorVersion
njseq0.2.2
njseq0.2.7
njseq0.2.8
njseq0.3.2
njseq0.1.12
njseq0.1.0
njseq0.2.6
njseq0.1.4
njseq0.2.3
njseq0.1.1

Name	Operator	Version
njs	eq	0.2.2
njs	eq	0.2.7
njs	eq	0.2.8
njs	eq	0.3.2
njs	eq	0.1.12
njs	eq	0.1.0
njs	eq	0.2.6
njs	eq	0.1.4
njs	eq	0.2.3
njs	eq	0.1.1

Rows per page:

1-10 of 291

References

bugs.chromium.org/p/oss-fuzz/issues/detail?id=15093

github.com/nginx/njs/issues/174

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for OSV:CVE-2019-13617