Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-24349

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Aug, 2020 | 18:51
Updated At-04 Aug, 2024 | 15:12
Rejected At-
Credits

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Aug, 2020 | 18:51
Updated At:04 Aug, 2024 | 15:12
Rejected At:
▼CVE Numbering Authority (CNA)

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cwe.mitre.org/data/definitions/416.html
x_refsource_MISC
https://github.com/nginx/njs/issues/324
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200918-0001/
x_refsource_CONFIRM
Hyperlink: https://cwe.mitre.org/data/definitions/416.html
Resource:
x_refsource_MISC
Hyperlink: https://github.com/nginx/njs/issues/324
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20200918-0001/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://cwe.mitre.org/data/definitions/416.html
x_refsource_MISC
x_transferred
https://github.com/nginx/njs/issues/324
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20200918-0001/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://cwe.mitre.org/data/definitions/416.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/nginx/njs/issues/324
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20200918-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Aug, 2020 | 19:15
Updated At:05 Oct, 2022 | 18:38

njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
F5, Inc.
f5
>>njs>>Versions up to 0.4.3(inclusive)
cpe:2.3:a:f5:njs:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://cwe.mitre.org/data/definitions/416.htmlcve@mitre.org
Third Party Advisory
https://github.com/nginx/njs/issues/324cve@mitre.org
Exploit
Issue Tracking
Patch
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200918-0001/cve@mitre.org
Third Party Advisory
Hyperlink: https://cwe.mitre.org/data/definitions/416.html
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/nginx/njs/issues/324
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20200918-0001/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

20Records found
CVE-2020-5851
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.21% / 42.99%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 15:03
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_i7800big-ip_webacceleratorbig-ip_i7600big-ip_application_acceleration_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_servicebig-ip_i2600big-ip_global_traffic_managerbig-ip_2800big-ip_i4800big-ip_local_traffic_managerbig-ip_analyticsbig-ip_i5800big-ip_domain_name_systembig-ip_i10800big-ip_application_security_managerbig-ip_i11800big-ip_edge_gatewaybig-ip_i15600big-ip_link_controllerbig-ip_i10600big-ip_i850big-ip_access_policy_managerbig-ip_i11600big-ip_i15800big-ip_advanced_firewall_managerbig-ip_i4600big-ip_i5600BIG-IP
CVE-2023-36858
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.13%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 15:54
Updated-17 Oct, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BIG-IP Edge Client for Windows and macOS vulnerability

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationF5, Inc.
Product-access_policy_manager_clientswindowsbig-ip_access_policy_managermacosBIG-IP Edge Clientbig-ip_edge_client
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2018-15316
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.72%
||
7 Day CHG~0.00%
Published-19 Oct, 2018 | 13:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In F5 BIG-IP APM 13.0.0-13.1.1.1, APM Client 7.1.5-7.1.6, and/or Edge Client 7101-7160, the BIG-IP APM Edge Client component loads the policy library with user permission and bypassing the endpoint checks.

Action-Not Available
Vendor-F5, Inc.
Product-big-ip_access_policy_managerbig-ip_access_policy_manager_clientbig-ip_edge_clientBIG-IP (APM)BIG-IP APM ClientsBIG-IP Edge Client
CVE-2017-6152
Matching Score-8
Assigner-F5, Inc.
ShareView Details
Matching Score-8
Assigner-F5, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.78%
||
7 Day CHG~0.00%
Published-08 Mar, 2018 | 14:00
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password.

Action-Not Available
Vendor-F5, Inc.
Product-big-iq_centralized_managementBIG-IQ Centralized Management
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-24346
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.47%
||
7 Day CHG~0.00%
Published-13 Aug, 2020 | 18:52
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-416
Use After Free
CVE-2022-43286
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.85%
||
7 Day CHG+0.01%
Published-28 Oct, 2022 | 00:00
Updated-07 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-416
Use After Free
CVE-2024-24990
Matching Score-6
Assigner-F5, Inc.
ShareView Details
Matching Score-6
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.69%
||
7 Day CHG+0.01%
Published-14 Feb, 2024 | 16:30
Updated-08 May, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Action-Not Available
Vendor-F5, Inc.
Product-nginx_open_sourcenginx_plusNGINX Open SourceNGINX Plus
CWE ID-CWE-416
Use After Free
CVE-2022-31307
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 48.02%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 12:57
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-416
Use After Free
CVE-2022-31306
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.15%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 12:57
Updated-03 Aug, 2024 | 07:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-416
Use After Free
CVE-2016-0746
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-11.48% / 93.34%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.

Action-Not Available
Vendor-n/aopenSUSEApple Inc.Debian GNU/LinuxF5, Inc.Canonical Ltd.
Product-nginxleapubuntu_linuxdebian_linuxxcoden/a
CWE ID-CWE-416
Use After Free
CVE-2022-27007
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.52%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 14:08
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-416
Use After Free
CVE-2017-18017
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-38.09% / 97.11%
||
7 Day CHG~0.00%
Published-03 Jan, 2018 | 06:00
Updated-03 Jan, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncF5, Inc.Red Hat, Inc.SUSEDebian GNU/LinuxArista Networks, Inc.OpenStack
Product-enterprise_linux_serverubuntu_linuxlinux_enterprise_software_development_kitlinux_enterprise_serverenterprise_linux_server_auslinux_enterprise_point_of_saleenterprise_linux_for_real_time_for_nfvopenstack_cloudlinux_enterprise_live_patchinglinux_enterprise_module_for_public_cloudlinux_enterprise_real_time_extensiondebian_linuxlinux_kernelcloud_magnum_orchestrationmrg_realtimeenterprise_linux_workstationlinux_enterprise_high_availability_extensionlinux_enterprise_debuginfoenterprise_linux_euslinux_enterprise_high_availabilityarxcaas_platformlinux_enterprise_workstation_extensionlinux_enterprise_desktopeosenterprise_linux_server_tusenterprise_linux_desktopenterprise_linux_for_real_timeleapn/a
CWE ID-CWE-416
Use After Free
CVE-2020-5897
Matching Score-6
Assigner-F5, Inc.
ShareView Details
Matching Score-6
Assigner-F5, Inc.
CVSS Score-8.8||HIGH
EPSS-0.86% / 74.12%
||
7 Day CHG~0.00%
Published-12 May, 2020 | 15:20
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_access_policy_managerbig-ip_access_policy_manager_clientF5 Edge Client
CWE ID-CWE-416
Use After Free
CVE-2012-1180
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.99% / 82.87%
||
7 Day CHG~0.00%
Published-17 Apr, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

Action-Not Available
Vendor-n/aFedora ProjectDebian GNU/LinuxF5, Inc.
Product-debian_linuxfedoranginxn/a
CWE ID-CWE-416
Use After Free
CVE-2019-6974
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-8.55% / 92.03%
||
7 Day CHG~0.00%
Published-15 Feb, 2019 | 15:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Linux Kernel Organization, IncDebian GNU/LinuxF5, Inc.
Product-enterprise_linux_serverubuntu_linuxbig-ip_webacceleratorbig-ip_application_acceleration_managerenterprise_linux_server_eusbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerbig-ip_fraud_protection_serviceopenshift_container_platformenterprise_linux_server_ausenterprise_linuxbig-ip_global_traffic_managerbig-ip_local_traffic_managerbig-ip_analyticsbig-ip_application_security_managerbig-ip_edge_gatewaydebian_linuxlinux_kernelbig-ip_link_controllerenterprise_linux_workstationenterprise_linux_eusbig-ip_access_policy_managerenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2022-25139
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.08%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 21:47
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-416
Use After Free
CVE-2018-20836
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-3.90% / 87.81%
||
7 Day CHG~0.00%
Published-07 May, 2019 | 13:04
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxF5, Inc.
Product-virtual_storage_consoleubuntu_linuxdebian_linuxlinux_kernelstorage_replication_adapter_for_clustered_data_ontapsolidfire_\&_hci_management_nodeactive_iq_unified_managervasa_provider_for_clustered_data_ontaptraffix_signaling_delivery_controllersolidfire_\&_hci_storage_nodesnapprotecthci_compute_nodeleapn/a
CWE ID-CWE-416
Use After Free
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2024-34161
Matching Score-6
Assigner-F5, Inc.
ShareView Details
Matching Score-6
Assigner-F5, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 60.18%
||
7 Day CHG+0.21%
Published-29 May, 2024 | 16:02
Updated-13 Feb, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory.

Action-Not Available
Vendor-Fedora ProjectF5, Inc.
Product-nginx_plusnginx_open_sourcefedoraNGINX Open SourceNGINX Plusnginxnginx_plus
CWE ID-CWE-416
Use After Free
CVE-2022-32414
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 33.15%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 12:57
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.

Action-Not Available
Vendor-n/aF5, Inc.
Product-njsn/a
CWE ID-CWE-416
Use After Free
CVE-2025-53185
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 0.38%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 02:36
Updated-12 Aug, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory Impact: Successful exploitation of this vulnerability may affect service integrity.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-416
Use After Free
Details not found