OpenCVE

Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Njs

Configuration 1 [-]

cpe:2.3:a:f5:njs:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/nginx/njs/issues/470
https://github.com/nginx/njs/issues/529

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-28T00:00:00

Updated: 2024-08-03T13:26:02.864Z

Reserved: 2022-10-17T00:00:00

Link: CVE-2022-43284

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-28T21:15:10.083

Modified: 2024-11-21T07:26:12.237

Link: CVE-2022-43284

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:njs:*:*:*:*:*:*:*:*", "matchCriteriaId": "96DDAE5D-3253-48C1-8F20-270A3DEFA2F9", "versionEndIncluding": "0.7.4", "versionStartIncluding": "0.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input."}, {"lang": "es", "value": "** DISPUTA ** Se descubri\u00f3 que Nginx NJS v0.7.2 a v0.7.4 conten\u00eda una infracci\u00f3n de segmentaci\u00f3n a trav\u00e9s de njs_scope_valid_value en njs_scope.h. NOTA: el proveedor cuestiona la importancia de este informe porque NJS no opera con informaci\u00f3n que no sea de confianza."}], "id": "CVE-2022-43284", "lastModified": "2024-11-21T07:26:12.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-28T21:15:10.083", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nginx/njs/issues/470"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nginx/njs/issues/529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nginx/njs/issues/470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/nginx/njs/issues/529"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}