2 matches found
Heap overflow
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxtvsprintf in nxt/nxtsprintf.c during error handling, as demonstrated by an njsregexpliteral call that leads to an njsparserlexererror call and then an njsparserscopeerror call...
CVE-2019-13617
CVE-2019-13617 affects njs up to 0.3.3 used in NGINX. The vulnerability is a heap-based buffer over-read in nxt_vsprintf (nxt/nxt_sprintf.c) during error handling, demonstrated by an njs_regexp_literal path that triggers njs_parser_lexer_error and then njs_parser_scope_error. Impact described as ...