CVE-2022-43286

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-43286
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43286.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-43286
Published
2022-10-28T21:15:10.213Z
Modified
2025-11-14T13:49:56.192214Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by an illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

References

Affected packages

Git / github.com/nginx/njs

Affected ranges

Type
GIT
Repo
https://github.com/nginx/njs
Events
Introduced
0 (introduced commit unknown; all previous commits are affected)
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.10
0.1.11
0.1.12
0.1.13
0.1.14
0.1.15
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.3.7
0.3.8
0.3.9
0.4.0
0.4.1
0.4.2
0.4.3
0.4.4
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.7.3

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a",
        "signature_type": "Function",
        "target": {
            "function": "njs_json_pop_parse_state",
            "file": "src/njs_json.c"
        },
        "id": "CVE-2022-43286-18405767",
        "digest": {
            "length": 287.0,
            "function_hash": "212275849317984151066165185631303355172"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a",
        "signature_type": "Line",
        "target": {
            "file": "src/test/njs_benchmark.c"
        },
        "id": "CVE-2022-43286-4f87ced8",
        "digest": {
            "line_hashes": [
                "133998181486505963782311897367318452209",
                "538989235463723849199544271926506276",
                "178090826898043005868731557494104714973"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a",
        "signature_type": "Function",
        "target": {
            "function": "njs_json_push_parse_state",
            "file": "src/njs_json.c"
        },
        "id": "CVE-2022-43286-51a0d8ae",
        "digest": {
            "length": 481.0,
            "function_hash": "200905684429621691779637995935168505994"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a",
        "signature_type": "Function",
        "target": {
            "function": "njs_json_parse_iterator_call",
            "file": "src/njs_json.c"
        },
        "id": "CVE-2022-43286-5753d256",
        "digest": {
            "length": 1202.0,
            "function_hash": "296451647136411897655922002957891689311"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a",
        "signature_type": "Function",
        "target": {
            "function": "njs_json_parse",
            "file": "src/njs_json.c"
        },
        "id": "CVE-2022-43286-612bc225",
        "digest": {
            "length": 1238.0,
            "function_hash": "46411329095591969416500553875237887922"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a",
        "signature_type": "Line",
        "target": {
            "file": "src/njs_json.c"
        },
        "id": "CVE-2022-43286-8759b090",
        "digest": {
            "line_hashes": [
                "281745333988207490767920895095867600647",
                "167125231790099603817618040358857277376",
                "46063534476814732419167317647132008778",
                "169713123915800323154559568935864037995",
                "185338519680394894490519927684227320918",
                "129038094165753130475147845856918219690",
                "238819462033879858453044654757387677683",
                "275727080407370875289794881664750073119",
                "122060905281096951941346395660768415847",
                "296310731195641657658948215913886444966",
                "183540690403868612609005244190265836999",
                "228517723622454495382862593051260848324",
                "143068444686879084074785910706500465128",
                "322032182858511306299794915354203394151",
                "274900236963076980896309000097022386917",
                "225292936377855945019599001716863296894",
                "88202348701580113359193289396209183469",
                "75219950613029596660142219816331194724",
                "271053693480550246697668037063073465392",
                "277898295215661639972235585216029404620",
                "239151352715842031524885119753385793612",
                "310960085428094331430080679096078812106",
                "76121668864222985636518480454116414933",
                "226222133708140832473366765959790754576",
                "158791538448141465946006326452269657195",
                "112251901887772737305255040813935487776",
                "197024717146170884664099008845338975795",
                "212652527401563757817113362817782726377",
                "40910615808828055537465549550738700497",
                "193284035931353985238837506590423896973",
                "135332847280588951963882188843566816160",
                "157632146518652493163841317310446728988",
                "268694538014469862341567941914408979719",
                "124980587419573554301926997545685277566",
                "233977772541419973428468508791948061325",
                "197711702391104331735468492142313088986",
                "327519323471382679728676854698088089500",
                "313325234569748603367072861993298585677",
                "71252390157982186720031324930382748530",
                "3816987866986311594125756639037639372",
                "96211309224729035934022997452542080415",
                "193838752525408974504128788144622072949",
                "252732205397663723616131032183653718159",
                "304227685036160166987535110056255661862",
                "20059893912806172358975789233583007359",
                "111588847999522720851446945130251575651",
                "156335280578715113075618284744291239070",
                "176527911563103584629765979511132467507",
                "334295532780791123767851799436695958284",
                "334811619413395269311915311050858435811",
                "113049526881211713110156225264610260379",
                "97036624421031996858125214360744695597",
                "64071288074846819838159182224768200272",
                "207758156939803000122194985258791915895",
                "100321236743139053317782063424744158766",
                "164225436779478622153459366409099970585",
                "137408914078665878916605056700342443768",
                "24963191715526788594529273562939682920",
                "161666494394101446543626935849422834396",
                "256105742295087341453546791634893438923",
                "314939356297727843510143305702542425094",
                "131720651697408435623960809535249733766",
                "263913206851760224389303741183729847101",
                "200653068538783209812364586658877684970",
                "2033805292966826455487197332405709162",
                "285025010230625497029776234727045308973",
                "338220306552327510056843164855709278777",
                "50029419095867124888533497784472329418",
                "75873122422953001735118079711210464788",
                "328184489055605211586885937988743160569",
                "156798091335762780574727163617853456060",
                "242294715483407203795634455587111694903",
                "259334760112423842308042141409391516487",
                "101308219870615441921861890398424271997",
                "202640611200814282888266641385658174762",
                "52469810312387543195832429769439224866",
                "330080042182826299049767018377937401582",
                "65387059083052188735468964884682849860",
                "98932824644789081756404424276752480509",
                "183848049597859985282490558565459039419",
                "319580100329354711878949649294272599033",
                "117076662698434625827254104153747870088",
                "95924474653766101380371907497373260059",
                "155455704829333478760086963834453073407",
                "140717872713804550078648676627950981392",
                "267775056350989079320244362160413109093",
                "140419975772670031838208643345741015098",
                "59849036281965097840941707824320331511",
                "68440051081548013393604510295690060033",
                "24368652289429617240082615099773641700",
                "336480683849646633165512079942420023657",
                "257915648135239838426853475979561059576",
                "233281611295611942482284749464800055943",
                "217167932574752800185964333878947341551",
                "107428468377876311641320047477646776849",
                "313387189815863189775467459029028758337",
                "228299250039853728530250550852372384912",
                "27876490792248310652852030524344107246",
                "102987244480617539077629331675069747807",
                "8340271020050208449005993170867372579",
                "322531408242510216857087175271116452271",
                "312841200484616131686141805364576276656",
                "182969384925051210628332470477032822015",
                "126175204305997218320077293923543584576",
                "265969926412301799974721688342252908534",
                "58926956050793124017853985791997726207",
                "180140673051942273108188274495143944143",
                "10271924747263752656236232449907103923",
                "314995124587852577878545688200352732286",
                "245170571038479262468007345758695234212",
                "278075701603935570991727707557529855183",
                "169872467391328424490273234987431694587",
                "10979305557571061337905321555044018679",
                "19019087984474382331986935016281576961",
                "131608910631444660626209107343660315231",
                "151750625665313777298459517110271976401",
                "110299758935541919924163163956927203102",
                "284021815356735181021561406143749143575",
                "51985236275513419178599343740214635649",
                "49358339685057062225405921494188229422",
                "215079740882162529295201508035666842503",
                "311243623016211390639872558995219456652",
                "272982905564908887919369959313633388041",
                "19019087984474382331986935016281576961",
                "131608910631444660626209107343660315231",
                "89139568688481230195991468326335389188",
                "210221925150507431949804045724656047986",
                "284232258947739355786970672949205977550",
                "251456085045237716065872694663299195385",
                "44727026317432968390420635280613938576",
                "85801028403888247514420232655848248573",
                "195927720037685273995819390723187569514",
                "278470394854070157755741734326314167029",
                "244996511225454113723255828740237547342",
                "75253459650265590865899334170321542169",
                "208799437559177853530781990849303391554",
                "94348806671035242848044602200256912378",
                "15245978077281893038792388904386048629",
                "185980905089044417366923875655120253313",
                "42569254393177059354812440925092403776",
                "231940909045556025508739668985189928849",
                "15617550801298534898381283942965966689",
                "287123341089668117520138661536024072059",
                "21600341025430120795785439232937950745",
                "44102972024074107003170999855930350666",
                "200086497182520979170115853663870455035",
                "106254559600047119986145650731533991071",
                "24310564694032630926202149971806542587",
                "257500279647059621875964179914601016790",
                "200083390167952745937632274203197023725",
                "513701598373638598644696582372983804",
                "72598556849741676125406076920174272760",
                "47208066900787474385056492649775387690",
                "130429216329045512600358972204909680707",
                "206908952465175922474896081563782725660",
                "49313389320154657390115860875805157164",
                "246702300743874374293797312891100226543",
                "221940531707888140128855643534056074157",
                "154035730178027037476768946302589880113",
                "233763556429041251612961204658563973763",
                "337898383165742662197288961313701926355",
                "121150795701734204729348963460456721541",
                "48216051948748138043894457425745616352",
                "136490907185592136675350231006729391237",
                "21670966094356631773921598587985626999",
                "281704401500830562951563081695238008007",
                "134709658300789164608491033160640509565",
                "244721906227691998417599933728426292128",
                "206908952465175922474896081563782725660",
                "49313389320154657390115860875805157164",
                "246702300743874374293797312891100226543",
                "266860470875280521370173341738602930100",
                "171450276842075358621680787464279446610",
                "146329322218405725981952477443919890371",
                "107598916093688039918186640559028572699",
                "195314658536801265740566508779027994168",
                "75074796402071148222033392879537786831",
                "226843820360912450454485920405505072961",
                "120457100873950342102422614899686562520",
                "327830847734117651638522134247048614106",
                "44543232571199267242916786825646477773",
                "310831386449984677329421211424795087164",
                "95064993403699890789836671946684900170",
                "219066972366534473356580050446659198226",
                "100453630490791673548807151969344408853",
                "203339820797047534060877518571409271174",
                "201283519961522323188283566121366392981",
                "328830851459012302499328646410346722999",
                "139679144014452419286557355031973883335"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a",
        "signature_type": "Line",
        "target": {
            "file": "src/test/njs_unit_test.c"
        },
        "id": "CVE-2022-43286-ad430399",
        "digest": {
            "line_hashes": [
                "274362632255914090026457824926723679321",
                "51462993081627396656626364382104714089",
                "84469597337928678070800686999682210974"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "source": "https://github.com/nginx/njs/commit/2ad0ea24a58d570634e09c2e58c3b314505eaa6a",
        "signature_type": "Function",
        "target": {
            "function": "njs_json_parse_iterator",
            "file": "src/njs_json.c"
        },
        "id": "CVE-2022-43286-cf18d0bc",
        "digest": {
            "length": 1406.0,
            "function_hash": "255072888608068745380231875734009538051"
        },
        "deprecated": false
    }
]