PT-2023-7315 · Nginx · Nginx Njs
Ret2Ddmeo
·
Published
2023-04-09
·
Updated
2023-05-26
·
CVE-2023-27727
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Nginx NJS version 0.7.10
Description
The issue is related to a segmentation violation via the function
njs function frame at src/njs function.h. This can lead to a denial of service. The vulnerability is associated with a memory access issue, specifically reading beyond memory boundaries.Recommendations
For Nginx NJS version 0.7.10, consider disabling the
njs function frame function as a temporary workaround until a patch is available. Restrict access to the njs function frame function to minimize the risk of exploitation.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nginx Njs