F5 Networks Njs
Recent F5 Networks Njs Security Advisories
| Advisory | Title | Published |
|---|---|---|
| K80055530 | K80055530: NGINX NJS vulnerability CVE-2022-43286 | November 7, 2022 |
By the Year
In 2024 there have been 0 vulnerabilities in F5 Networks Njs . Last year Njs had 4 security vulnerabilities published. Right now, Njs is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 4 | 7.50 |
| 2022 | 21 | 7.65 |
| 2021 | 0 | 0.00 |
| 2020 | 4 | 6.08 |
| 2019 | 8 | 9.10 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Njs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent F5 Networks Njs Security Vulnerabilities
Nginx NJS v0.7.10 was discovered to contain a segmentation violation
CVE-2023-27727
7.5 - High
- April 09, 2023
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
Out-of-bounds Read
Nginx NJS v0.7.10 was discovered to contain a segmentation violation
CVE-2023-27728
7.5 - High
- April 09, 2023
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
Out-of-bounds Read
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy
CVE-2023-27729
7.5 - High
- April 09, 2023
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
Nginx NJS v0.7.10 was discovered to contain a segmentation violation
CVE-2023-27730
7.5 - High
- April 09, 2023
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
Out-of-bounds Read
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h
CVE-2022-43284
7.5 - High
- October 28, 2022
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job
CVE-2022-43285
7.5 - High
- October 28, 2022
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
CVE-2022-43286
9.8 - Critical
- October 28, 2022
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
Dangling pointer
Nginx NJS v0.7.7 was discovered to contain a segmentation violation
CVE-2022-38890
5.5 - Medium
- September 15, 2022
Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h
Out-of-bounds Read
Nginx NJS v0.7.5 was discovered to contain a segmentation violation
CVE-2022-34028
7.5 - High
- July 18, 2022
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h.
Nginx NJS v0.7.4 was discovered to contain a segmentation violation
CVE-2022-34027
7.5 - High
- July 18, 2022
Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
CVE-2022-34032
7.5 - High
- July 18, 2022
Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
Nginx NJS v0.7.5 was discovered to contain a segmentation violation
CVE-2022-34031
7.5 - High
- July 18, 2022
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h.
Nginx NJS v0.7.5 was discovered to contain a segmentation violation
CVE-2022-34030
7.5 - High
- July 18, 2022
Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c.
Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read
CVE-2022-34029
9.1 - Critical
- July 18, 2022
Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.
Out-of-bounds Read
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
CVE-2022-31307
5.5 - Medium
- June 21, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.
Dangling pointer
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
CVE-2022-32414
5.5 - Medium
- June 21, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.
Dangling pointer
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
CVE-2022-31306
5.5 - Medium
- June 21, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.
Dangling pointer
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c
CVE-2022-29379
9.8 - Critical
- May 25, 2022
Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release
Memory Corruption
Nginx NJS v0.7.2 was discovered to contain a segmentation violation
CVE-2022-29369
7.5 - High
- May 12, 2022
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.
Improper Check for Unusual or Exceptional Conditions
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference
CVE-2022-28049
5.5 - Medium
- April 15, 2022
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
NULL Pointer Dereference
nginx njs 0.7.2 is affected suffers
CVE-2022-27007
9.8 - Critical
- April 14, 2022
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
Dangling pointer
nginx njs 0.7.2 is vulnerable to Buffer Overflow
CVE-2022-27008
7.5 - High
- April 14, 2022
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
Classic Buffer Overflow
njs through 0.7.1
CVE-2021-46463
9.8 - Critical
- February 14, 2022
njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type Confusion vulnerability in njs_promise_perform_then().
Object Type Confusion
njs through 0.7.0
CVE-2022-25139
9.8 - Critical
- February 14, 2022
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
Dangling pointer
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation
CVE-2021-46462
7.5 - High
- February 14, 2022
njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.
njs through 0.4.3
CVE-2020-24346
7.8 - High
- August 13, 2020
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
Dangling pointer
njs through 0.4.3
CVE-2020-24347
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
Out-of-bounds Read
njs through 0.4.3
CVE-2020-24348
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
Out-of-bounds Read
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c
CVE-2020-24349
5.5 - Medium
- August 13, 2020
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
Dangling pointer
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call
CVE-2019-13617
6.5 - Medium
- July 16, 2019
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
Out-of-bounds Read
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c
CVE-2019-13067
9.8 - Critical
- June 30, 2019
njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
Out-of-bounds Read
njs through 0.3.1
CVE-2019-12206
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
Memory Corruption
njs through 0.3.1
CVE-2019-12207
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
Out-of-bounds Read
njs through 0.3.1
CVE-2019-12208
9.8 - Critical
- May 20, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
Memory Corruption
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c
CVE-2019-11839
9.8 - Critical
- May 09, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.push after a resize, related to njs_array_prototype_push in njs/njs_array.c, because of njs_array_expand size mishandling.
Memory Corruption
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c
CVE-2019-11838
9.8 - Critical
- May 09, 2019
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in Array.prototype.splice after a resize, related to njs_array_prototype_splice in njs/njs_array.c, because of njs_array_expand size mishandling.
Memory Corruption
njs through 0.3.1
CVE-2019-11837
7.5 - High
- May 09, 2019
njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.
Numeric Errors
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NGINX Njs or by F5 Networks? Click the Watch button to subscribe.
