Lucene search

GoogleOSV:CVE-2022-43286

HistoryOct 28, 2022 - 9:15 p.m.

CVE-2022-43286

2022-10-2821:15:10

Google

osv.dev

nginx

njs

heap-use-after-free

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

CPENameOperatorVersion
njseq0.3.7
njseq0.3.4
njseq0.4.2
njseq0.5.2
njseq0.7.0
njseq0.4.4
njseq0.2.2
njseq0.2.0
njseq0.1.4
njseq0.1.12

Name	Operator	Version
njs	eq	0.3.7
njs	eq	0.3.4
njs	eq	0.4.2
njs	eq	0.5.2
njs	eq	0.7.0
njs	eq	0.4.4
njs	eq	0.2.2
njs	eq	0.2.0
njs	eq	0.1.4
njs	eq	0.1.12

Rows per page:

1-10 of 511

References

github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a

github.com/nginx/njs/issues/480

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

Related for OSV:CVE-2022-43286