Vulnerability Details CVE-2022-29379
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1
- https://github.com/nginx/njs/issues/491
- https://github.com/nginx/njs/issues/493
- https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1
- https://github.com/nginx/njs/issues/491
- https://github.com/nginx/njs/issues/493