Back to search
CVE-2019-13617
Published: Jul 16, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/nginx/njs/issues/174
x_refsource_MISC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15093
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now