CVE-2022-25139
published 2022-02-14CVE-2022-25139: njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | nginx | >= 0 < 1.20.2-r2 | 1.20.2-r2 |
| f5 | njs | < 0.7.2 | 0.7.2 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL