PT-2019-5778 · Nginx · Njs
Shuoz
·
Published
2019-06-03
·
Updated
2022-03-24
·
CVE-2019-13617
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
njs versions through 0.3.3
Description
The issue is related to a heap-based buffer over-read in the nxt vsprintf function in nxt/nxt sprintf.c during error handling. This can occur when an
njs regexp literal call leads to an njs parser lexer error call and then an njs parser scope error call. The vulnerability may allow a remote attacker to cause a denial of service.Recommendations
For njs versions through 0.3.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Njs