First published: Thu Aug 13 2020(Updated: )
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
F5 Njs | <=0.4.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-24348 is medium with a CVSS score of 5.5.
The affected software for CVE-2020-24348 is F5 Njs with version up to and including 0.4.3.
CVE-2020-24348 is a vulnerability in njs through 0.4.3, used in NGINX, which allows for an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
Yes, you can find more information about CVE-2020-24348 at the following references: [Link 1](https://github.com/nginx/njs/issues/322) and [Link 2](https://security.netapp.com/advisory/ntap-20200918-0001/).
The Common Weakness Enumeration (CWE) ID for CVE-2020-24348 is CWE-125.