njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxtvsprintf in nxt/nxtsprintf.c during error handling, as demonstrated by an njsregexpliteral call that leads to an njsparserlexererror call and then an njsparserscopeerror call.
{ "versions": [ { "introduced": "0" }, { "last_affected": "0.3.3" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13617.json"