ExpressVPN Router 输入验证错误漏洞

ExpressVPN Router is a VPN router from ExpressVPN UK. It provides a protected network communication feature. ExpressVPN Router suffers from an input validation error vulnerability that originates from an integer buffer overflow in the Nginx web server, which can be exploited by an attacker to...

CVE-2019-13617

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxtvsprintf in nxt/nxtsprintf.c during error handling, as demonstrated by an njsregexpliteral call that leads to an njsparserlexererror call and then an njsparserscopeerror call...