Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29369: Fixed njs_vmcode_interpreter() when "toString" conversion fails. · nginx/njs@222d6fd

Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.

CVE
#js#git#nginx

Permalink

Browse files

Fixed njs_vmcode_interpreter() when “toString” conversion fails.

Previously, while interpreting a user function, njs_vmcode_interpreter() might return prematurely when an error happens. This is not correct because the current frame has to be unwound (or exception caught) first.

The fix is exit through only 5 appropriate exit points to ensure proper unwinding.

This closes #467 issue on Github.

  • Loading branch information

Showing with 13 additions and 6 deletions.

  1. +8 −6 src/njs_vmcode.c
  2. +5 −0 src/test/njs_unit_test.c

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907