CVE-2022-27007

Опубликовано: 14 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

Ссылки

https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53
Patch
Third Party Advisory
https://github.com/nginx/njs/issues/469
Exploit
Issue Tracking
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220519-0008/
Third Party Advisory
https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53
Patch
Third Party Advisory
https://github.com/nginx/njs/issues/469
Exploit
Issue Tracking
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220519-0008/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:f5:njs:0.7.2:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00503

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416

Связанные уязвимости

GHSA-5676-7fp6-4h94

CVSS3: 9.8

github

почти 4 года назад

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

BDU:2022-02728

CVSS3: 9.8

fstec

почти 4 года назад

Уязвимость функции njs_function_frame_alloc() интерпретатора njs сервера nginx, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность информации

EPSS

Процентиль: 66%

0.00503

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416