CVE-2022-25139
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-25139
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25139.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-25139
- Downstream
- Published
- 2022-02-14T22:15:08Z
- Modified
- 2025-10-21T06:59:43.963297Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njsawaitfulfilled.
- References
Affected packages
Git / github.com/nginx/njs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nginx/njs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
Database specific
vanir_signatures
[
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"function_hash": "159869202928461279120140217026715637814",
"length": 221.0
},
"target": {
"function": "njs_vm_start",
"file": "src/njs_vm.c"
},
"id": "CVE-2022-25139-022f1c90",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"299501325127647677370397351412489998191",
"165514229451339348005598600007258459700",
"315271151246530528523987527625917578653",
"26372586750537534992858291290292970354",
"289186967938235302177701185187394367550",
"70036568884174756364177677548049568654",
"182114208819750783380503892358594349050",
"238360324640715754918731923250613095517",
"147842365042288402022259976414854042876",
"113596502706607859057409682514625772781",
"188749800840665982467759634070757514710",
"183543176610710569419557455077999791927",
"54233347467525985390444263905843502198",
"93399687441230418412941651091439254551",
"198882619039239729643104305958744219884",
"209898153080857952771127505170822869731",
"313568867627547768393739973256313047265",
"164477788747837223955237980707376363748",
"60083825972453544444185824248377354346",
"320443958975015695505288044439050677489",
"121344166693358098388110502108701050901"
]
},
"target": {
"file": "src/njs_async.c"
},
"id": "CVE-2022-25139-0362e523",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60493263708633285423939095647287137378",
"187577365841367888194011412355148044670",
"100725054713103056967075504758654143578",
"115135441268961150887630232350143245407"
]
},
"target": {
"file": "src/njs_function.h"
},
"id": "CVE-2022-25139-03a94835",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"function_hash": "156387168476962798655544808876239460793",
"length": 1926.0
},
"target": {
"function": "njs_vmcode_await",
"file": "src/njs_vmcode.c"
},
"id": "CVE-2022-25139-5ce857f8",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"203223909965209774891540867988539767974",
"210806772516032365851931825680885932501",
"33128064854838801345851916451234822385",
"87063537471886354151303968093042644683"
]
},
"target": {
"file": "src/njs_vm.c"
},
"id": "CVE-2022-25139-64dabd0b",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"function_hash": "286556312603372895041079393544154900216",
"length": 321.0
},
"target": {
"function": "njs_function_frame_invoke",
"file": "src/njs_function.c"
},
"id": "CVE-2022-25139-81a65733",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"255634136792296978879749392817874698513",
"317305752474855021305036030013621744388",
"25057627101493731468708682156734333388"
]
},
"target": {
"file": "src/njs_vmcode.h"
},
"id": "CVE-2022-25139-8e763bf6",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"function_hash": "296420581474941866251902029822359922400",
"length": 1797.0
},
"target": {
"function": "njs_function_lambda_call",
"file": "src/njs_function.c"
},
"id": "CVE-2022-25139-bc0203e8",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"function_hash": "330196663835652526930299546073955273481",
"length": 15822.0
},
"target": {
"function": "njs_vmcode_interpreter",
"file": "src/njs_vmcode.c"
},
"id": "CVE-2022-25139-bdd892ba",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"226326405789590664553470747065684252073",
"43484670794839384869149047182293861953",
"116484298224502831392726890369144355732",
"6188228936750796413849694797461891413"
]
},
"target": {
"file": "src/njs_value.h"
},
"id": "CVE-2022-25139-d1e19679",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"function_hash": "82746156843552190940183103694155867518",
"length": 1891.0
},
"target": {
"function": "njs_await_fulfilled",
"file": "src/njs_async.c"
},
"id": "CVE-2022-25139-e6380b49",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"62349804092457175723958018373569036548",
"264535644452027911575988654885850241502",
"143450769423383014016403702202412691806",
"214938181743768456104412860347786353155",
"196964399592485101893600198745299637304",
"267114047914211162218182584140063524340",
"181898035442763210757707949604933159549",
"44491677355270933136348813404798874560",
"113425950137949738595805913441686307202",
"195680507645829781372302033731745462695",
"155677063030564506909841225746017749607",
"231769961580032274589846702269151403040",
"252014861502217676730143104211089697666",
"95421220701838418272637752360780543205",
"326876272809301854420984816420772938626",
"269195357598903834283238584753506273479",
"26173375880359022223827985707988984103",
"119566585046867731948706792487868526480",
"61772706844235251202548453993401974105",
"94734422408954366501069308872501773707",
"292773008481986032740394253150278762894",
"305780804561936038467250509816878122111",
"230418406867842309235114997638383759839",
"129092755891090820281841064098480610866",
"217380746074715480622217381954006807869",
"186067226494086561770912981984136437080",
"332242554823133288223436761436843255306",
"78724159557830708470992495396337178231",
"88848649481906248345317115419869659440"
]
},
"target": {
"file": "src/njs_vmcode.c"
},
"id": "CVE-2022-25139-e976cdc7",
"deprecated": false,
"signature_type": "Line"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"function_hash": "256290706419825150853400441771456092646",
"length": 830.0
},
"target": {
"function": "njs_async_function_frame_invoke",
"file": "src/njs_async.c"
},
"id": "CVE-2022-25139-eb4cbf4f",
"deprecated": false,
"signature_type": "Function"
},
{
"source": "https://github.com/nginx/njs/commit/6a07c2156a07ef307b6dcf3c2ca8571a5f1af7a6",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"108588471245068106143487685625958092341",
"189987310702655560341461897250170816457",
"324388347336711094878136747180786761225",
"90215833178858118201383198611144508055",
"22812341031345842045101356886420554530",
"130515276505821510577031053658551735679",
"99130168749193207579828608613801425229",
"113908073119683097396728169138488747672",
"28444829176919604075022835647438353094",
"74463152532109547018649875081059306309",
"301410828234089865278462515532396014713",
"41718945131898961117577097242186310288",
"155506929659090002377726966013633618570",
"208434985264666528176303940411022688173",
"104136770520914773060886605922333771447"
]
},
"target": {
"file": "src/njs_function.c"
},
"id": "CVE-2022-25139-f9b9274a",
"deprecated": false,
"signature_type": "Line"
}
]