You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The text was updated successfully, but these errors were encountered:
wrauner
changed the title
heap-buffer-overflow in nxt_utf8_decode nxt/nxt_utf8.c:72
global-buffer-overflow in nxt_utf8_decode nxt/nxt_utf8.c:72
Jun 20, 2019
@nluedtke Did you create this CVE? If yes, can you please explain how did you calculate the base score? Given that njs never executes js code from the network, only from a conf file which is a safe source. Please also do not create similar CVEs from such tickets.
^^ Yeah CVE / NVD have plenty of garbage information, especially when researchers don't coordinate with vendors, and NVD doesn't vet the information (which they almost never really do).
NJS version:
JS Testcase:
ASAN log:
Found by fluff
The text was updated successfully, but these errors were encountered: