PT-2019-5778 · Nginx · Njs
Shuoz
·
Publicado
2019-06-03
·
Atualizado
2022-03-24
·
CVE-2019-13617
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
njs versions through 0.3.3
Description
The issue is related to a heap-based buffer over-read in the nxt vsprintf function in nxt/nxt sprintf.c during error handling. This can occur when an
njs regexp literal call leads to an njs parser lexer error call and then an njs parser scope error call. The vulnerability may allow a remote attacker to cause a denial of service.Recommendations
For njs versions through 0.3.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Njs