CVE-2022-29379 — CRITICAL (9.8)

Vulnerability Description

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
F5	Njs	0.7.3

Related Weaknesses (CWE)

CWE-787

References

https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1PatchThird Party Advisory
https://github.com/nginx/njs/issues/491Issue TrackingThird Party Advisory
https://github.com/nginx/njs/issues/493ExploitIssue TrackingPatch
https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1PatchThird Party Advisory
https://github.com/nginx/njs/issues/491Issue TrackingThird Party Advisory
https://github.com/nginx/njs/issues/493ExploitIssue TrackingPatch

FAQ

What is CVE-2022-29379?

CVE-2022-29379 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior...

How severe is CVE-2022-29379?

CVE-2022-29379 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-29379?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Njs.