CVE-2023-27730

Name of the Vulnerable Software and Affected Versions Nginx NJS version 0.7.10

Description The issue is related to a segmentation violation in the njs lvlhsh find function at src/njs lvlhsh.c and a memory reading issue in the js vmcode return function at src/njs vmcode.c. This could allow a remote attacker to cause a denial of service.

Recommendations For Nginx NJS version 0.7.10, consider disabling the njs lvlhsh find and js vmcode return functions as a temporary workaround until a patch is available. Restrict access to the affected njs lvlhsh.c and njs vmcode.c files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.