CVE-2023-27728

Name of the Vulnerable Software and Affected Versions Nginx NJS version 0.7.10

Description The issue is related to a segmentation violation via the function njs dump is recursive at src/njs vmcode.c. This is caused by a memory boundary read issue in the njs dump is recursive function of the Nginx NJS interpreter. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For Nginx NJS version 0.7.10, consider disabling the njs dump is recursive function as a temporary workaround until a patch is available. Restrict access to the njs vmcode.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.