7.5

CVE-2022-35173

Exploit
An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NginxNjs Version0.7.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.08% 0.607
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

http://hg.nginx.org/njs/rev/b7c4e0f714a9
Patch
Third Party Advisory
https://github.com/nginx/njs/commit/404553896792b8f5f429dc8852d15784a59d8d3e
Patch
Third Party Advisory
https://github.com/nginx/njs/issues/553
Third Party Advisory
Exploit
Issue Tracking