CVE-2022-29379

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-29379
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29379.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-29379
Downstream
Published
2022-05-25T13:15:07.837Z
Modified
2026-04-11T23:14:51.720465Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release

References

Affected packages

Git / github.com/nginx/njs

Affected ranges

Type
GIT
Repo
https://github.com/nginx/njs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b29a97464a46644005aed24b803e70ecf8e3f8fe
Fixed
ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.3"
        }
    ]
}

Affected versions

0.*
0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.7.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29379.json"
vanir_signatures_modified 
"2026-04-11T23:14:51Z"
vanir_signatures 
[
    {
        "deprecated": false,
        "target": {
            "file": "src/njs_module.c",
            "function": "njs_module_path"
        },
        "signature_type": "Function",
        "digest": {
            "function_hash": "248086882674698133665043392765408486192",
            "length": 1011.0
        },
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1",
        "id": "CVE-2022-29379-44270a4c"
    },
    {
        "deprecated": false,
        "target": {
            "file": "src/njs_module.c"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "7482429832924647298072604975357235335",
                "269769495447719256786790798903243586245",
                "87101805687335253733718727200713835148",
                "149793166008216924919036397748877764215"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1",
        "id": "CVE-2022-29379-f4471404"
    }
]