CVE-2022-43285 — Out-of-bounds Write in F5 NJS

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 52.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 NJS

Timeline

PublishedOct 28

Latest updateOct 29

Description

Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDf5/njs0.7.4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-fgh9-wfj4-j5gv: Nginx NJS v0↗2022-10-29

▶

CVEList

CVE-2022-43285: Nginx NJS v0↗2022-10-28

▶