5.5
CVE-2022-28049
- EPSS 0.8%
- Veröffentlicht 15.04.2022 14:15:07
- Zuletzt bearbeitet 21.11.2024 06:56:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.8% | 0.522 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://security.netapp.com/advisory/ntap-20220519-0008/
https://github.com/nginx/njs/commit/f65981b0b8fcf02d69a40bc934803c25c9f607ab
https://github.com/nginx/njs/issues/473