CVE-2022-27008

Source
https://cve.org/CVERecord?id=CVE-2022-27008
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27008.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-27008
Published
2022-04-14T14:04:56Z
Modified
2026-07-09T02:49:37.940192Z
Summary
[none]
Details

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.

Database specific
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/27xxx/CVE-2022-27008.json"
}
References

Affected packages

Git / github.com/nginx/njs

Affected ranges

Type
GIT
Repo
https://github.com/nginx/njs
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0.7.2"
        },
        {
            "last_affected": "0.7.2"
        }
    ],
    "cpe": "cpe:2.3:a:f5:njs:0.7.2:*:*:*:*:*:*:*",
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.7.2

Database specific

vanir_signatures_modified
"2026-07-09T02:49:37Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27008.json"
vanir_signatures
[
    {
        "signature_type": "Line",
        "target": {
            "file": "src/test/njs_unit_test.c"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "286191045354529882396740339644735296472",
                "316780131915622020408303156242938990206",
                "181382248073213818382603782539801578146"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2022-27008-1dc9d0ab",
        "source": "https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "src/njs_array.c",
            "function": "njs_array_expand"
        },
        "deprecated": false,
        "digest": {
            "length": 927.0,
            "function_hash": "83705897729495263705284045029005404880"
        },
        "id": "CVE-2022-27008-7352925d",
        "source": "https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716",
        "signature_version": "v1"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "src/njs_array.c",
            "function": "njs_array_prototype_concat"
        },
        "deprecated": false,
        "digest": {
            "length": 2079.0,
            "function_hash": "60624386110504712699579016151394775546"
        },
        "id": "CVE-2022-27008-7bd205ac",
        "source": "https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716",
        "signature_version": "v1"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/njs_array.c"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "48241974990846658713313821784833087175",
                "255892893843865148440688413348679083444",
                "38328431894080283965435394860074998608",
                "148660513481489026456076781025019725824",
                "195848396845944515574882684204123083977",
                "180341844466080205318362789255831835170",
                "143960762337730777257097786448965919329",
                "49696200087777734619665511529601056911",
                "122705887846865894578818938490005853615"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2022-27008-f5ae3ac1",
        "source": "https://github.com/nginx/njs/commit/e673ae41a998d1391bd562edb2ed6d49db7cc716",
        "signature_version": "v1"
    }
]