CVE-2019-13617

Common Vulnerabilities and Exposures

Upstream information

CVE-2019-13617 at MITRE

Description

njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores (SUSE)

Base Score: 4.2
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Access Vector: Local
Access Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: Low
CVSSv3 Version: 3

SUSE Bugzilla entry: 1141793 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.