CVE-2022-27008 — Classic Buffer Overflow in F5 NJS

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 14

Latest updateApr 15

Description

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

▶NVDf5/njs0.7.2

GHSA

GHSA-h4q9-8pc7-f4x9: nginx njs 0↗2022-04-15

▶

CVEList

CVE-2022-27008: nginx njs 0↗2022-04-14

▶