413 matches found
Code injection
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxtutf8next in nxt/nxtutf8.h and njsstringoffset in njs/njsstring.c...
CVE-2019-11839
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njsarrayprototypepush in njs/njsarray.c, because of njsarrayexpand size mishandling...
CVE-2019-11838
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njsarrayprototypesplice in njs/njsarray.c, because of njsarrayexpand size mishandling...
Heap overflow
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njsarrayprototypepush in njs/njsarray.c, because of njsarrayexpand size mishandling...
CVE-2019-11837
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxtutf8next in nxt/nxtutf8.h and njsstringoffset in njs/njsstring.c...
CVE-2019-11839
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njsarrayprototypepush in njs/njsarray.c, because of njsarrayexpand size mishandling...
CVE-2019-11838
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njsarrayprototypesplice in njs/njsarray.c, because of njsarrayexpand size mishandling...
CVE-2019-11839
CVE-2019-11839 affects the NGINX NJS component (njs up to 0.3.1). The vulnerability is a heap-based buffer overflow in Array.prototype.push after a resize, caused by mishandling the size in njs_array_expand (njs/njs_array.c). Red Hat and other sources confirm this is a year‑old entry, with common...
CVE-2019-11839
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njsarrayprototypepush in njs/njsarray.c, because of njsarrayexpand size mishandling...
CVE-2019-11838
CVE-2019-11838 concerns njs (used in NGINX) up to version 0.3.1, with a heap-based buffer overflow in Array.prototype.splice after a resize. The root cause is reported as mishandling the size in njs_array_expand, affecting njs_array_prototype_splice in njs/njs_array.c. Documents consistently desc...
CVE-2019-11838
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njsarrayprototypesplice in njs/njsarray.c, because of njsarrayexpand size mishandling...
CVE-2019-11837
CVE-2019-11837 affects njs up to version 0.3.1 used in NGINX. The vulnerability is a segmentation fault in String.prototype.toBytes for negative arguments, tied to nxt_utf8_next (nxt/nxt_utf8.h) and njs_string_offset (njs/njs_string.c). The connected documents provide concrete technical details a...
CVE-2019-11837
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxtutf8next in nxt/nxtutf8.h and njsstringoffset in njs/njsstring.c...