CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vmcode_typeof in /src/njs_vmcode.c.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nginx:njs:*:*:*:*:*:*:*:*

History

11 May 2022, 14:40

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220303-0007/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220303-0007/ - Third Party Advisory

03 Mar 2022, 11:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220303-0007/ -

22 Feb 2022, 20:17

Type Values Removed Values Added
First Time Nginx
Nginx njs
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
References (MISC) https://github.com/nginx/njs/issues/450 - (MISC) https://github.com/nginx/njs/issues/450 - Exploit, Third Party Advisory
References (MISC) https://github.com/nginx/njs/commit/d457c9545e7e71ebb5c0479eb16b9d33175855e2 - (MISC) https://github.com/nginx/njs/commit/d457c9545e7e71ebb5c0479eb16b9d33175855e2 - Patch, Vendor Advisory
CPE cpe:2.3:a:nginx:njs:*:*:*:*:*:*:*:*
CWE CWE-119

14 Feb 2022, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-14 22:15

Updated : 2023-12-10 14:22


NVD link : CVE-2021-46461

Mitre link : CVE-2021-46461

CVE.ORG link : CVE-2021-46461


JSON object : View

Products Affected

nginx

  • njs
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer