F5 Njs vulnerabilities

CVE-2023-27730 [HIGH] CWE-125 CVE-2023-27730: Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_fin Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.

CVE-2023-27729 [HIGH] CWE-119 CVE-2023-27729: Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.

CVE-2023-27727 [HIGH] CWE-125 CVE-2023-27727: Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_f Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.

CVE-2023-27728 [HIGH] CWE-125 CVE-2023-27728: Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_re Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.

CVE-2020-19695 [CRITICAL] CWE-120 CVE-2020-19695: Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_ob Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.

CVE-2020-19692 [CRITICAL] CWE-120 CVE-2020-19692: Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitr Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.

CVE-2022-43286 [CRITICAL] CWE-416 CVE-2022-43286: Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy i Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

CVE-2022-43284 [HIGH] CVE-2022-43284: Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_va Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

CVE-2022-43285 [HIGH] CWE-787 CVE-2022-43285: Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOT Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.

CVE-2022-38890 [MEDIUM] CWE-125 CVE-2022-38890: Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h

CVE-2022-34029 [CRITICAL] CWE-125 CVE-2022-34029: Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h. Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

CVE-2022-34028 [HIGH] CVE-2022-34028: Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.

CVE-2022-34030 [HIGH] CVE-2022-34030: Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_ Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.

CVE-2022-34031 [HIGH] CVE-2022-34031: Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/n Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.

CVE-2022-34032 [HIGH] CVE-2022-34032: Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_en Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

CVE-2022-34027 [HIGH] CVE-2022-34027: Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_va Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.

CVE-2022-31307 [MEDIUM] CWE-416 CVE-2022-31307: Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offse Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.

CVE-2022-31306 [MEDIUM] CWE-416 CVE-2022-31306: Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_conver Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.

CVE-2022-32414 [MEDIUM] CWE-416 CVE-2022-32414: Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_inter Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.

CVE-2022-29379 [CRITICAL] CWE-787 CVE-2022-29379: Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loade Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release