CVE-2022-29379 — Out-of-bounds Write in F5 NJS

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 34.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 NJS

Timeline

PublishedMay 25

Latest updateMay 26

Description

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDf5/njs0.7.3

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v3rv-628p-7xrq: Nginx NJS v0↗2022-05-26

▶

CVEList

CVE-2022-29379: Nginx NJS v0↗2022-05-25

▶