
Bug 838352

Summary: www-servers/nginx: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: hydrapolic, whissi
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-14 17:06:52 UTC
CVE-2022-27007 (https://github.com/nginx/njs/commit/ad48705bf1f04b4221a5f5b07715ac48b3160d53):

nginx njs 0.7.2 suffers from a use-after-free in njs_function_frame_alloc() when it tries to invoke from a restored frame saved with njs_function_frame_save().

CVE-2022-27008 (https://github.com/nginx/njs/issues/471):

nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confusion in Array.prototype.concat() when a slow array appended element is a fast array.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-16 05:11:12 UTC
Sorry, this was meant to be added to the other bug.

*** This bug has been marked as a duplicate of bug 838247 ***