CVE-2019-13067Out-of-bounds Read in F5 NJS

CWE-125Out-of-bounds Read3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 41.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 NJS
Timeline
PublishedJun 30
Latest updateMay 24

Description

njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDf5/njs0.3.3

🔴Vulnerability Details

2
GHSA
GHSA-7q32-cwfh-9pj6: njs through 02022-05-24
CVEList
CVE-2019-13067: njs through 02019-06-29
CVE-2019-13067 — Out-of-bounds Read in F5 NJS | cvebase