CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24346
https://notcve.org/view.php?id=CVE-2020-24346
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. njs versiones hasta a 0.4.3, usado en NGINX, presenta un uso de la memoria previamente liberada en la función njs_json_parse_iterator_call en el archivo njs_json.c • https://github.com/nginx/njs/issues/325 https://security.netapp.com/advisory/ntap-20200918-0001 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24347
https://notcve.org/view.php?id=CVE-2020-24347
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. njs versiones hasta a 0.4.3, usado en NGINX, presenta una lectura fuera de límites en la función njs_lvlhsh_level_find en el archivo njs_lvlhsh.c • https://github.com/nginx/njs/issues/323 https://security.netapp.com/advisory/ntap-20200918-0001 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24348
https://notcve.org/view.php?id=CVE-2020-24348
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. njs versiones hasta a 0.4.3, usado en NGINX, presenta una lectura fuera de límites en la función njs_json_stringify_iterator en el archivo njs_json.c • https://github.com/nginx/njs/issues/322 https://security.netapp.com/advisory/ntap-20200918-0001 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24349
https://notcve.org/view.php?id=CVE-2020-24349
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. njs versiones hasta a 0.4.3, usado en NGINX, permite un secuestro del flujo de control en la función njs_value_property en el archivo njs_value.c. NOTA: el proveedor considera que el problema es "fluff" en el caso de uso de NGINX porque no se presenta una superficie de ataque remota • https://cwe.mitre.org/data/definitions/416.html https://github.com/nginx/njs/issues/324 https://security.netapp.com/advisory/ntap-20200918-0001 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13617
https://notcve.org/view.php?id=CVE-2019-13617
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call. njs hasta la versión 0.3.3, usado en NGINX, presenta una lectura excesiva del búfer en la región heap de la memoria en nxt_vsprintf en el archivo nxt/nxt_sprintf.c durante el manejo de errores, como es demostrado por una llamada de la función njs_regexp_liter_parserpac. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15093 https://github.com/nginx/njs/issues/174 • CWE-125: Out-of-bounds Read •