PT-2023-7315 · Nginx · Nginx Njs
Ret2Ddmeo
·
Publicado
2023-04-09
·
Atualizado
2023-05-26
·
CVE-2023-27727
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Nginx NJS version 0.7.10
Description
The issue is related to a segmentation violation via the function
njs function frame at src/njs function.h. This can lead to a denial of service. The vulnerability is associated with a memory access issue, specifically reading beyond memory boundaries.Recommendations
For Nginx NJS version 0.7.10, consider disabling the
njs function frame function as a temporary workaround until a patch is available. Restrict access to the njs function frame function to minimize the risk of exploitation.Exploit
Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Nginx Njs