CVE-2022-34028

7.5 HIGH

📋 TL;DR

CVE-2022-34028 is a segmentation fault vulnerability in the Nginx NJS JavaScript engine that occurs when processing malformed UTF-8 sequences. This vulnerability could allow attackers to crash Nginx processes, potentially leading to denial of service. Organizations using Nginx with the NJS module enabled are affected.

💻 Affected Systems

Products:
  • Nginx NJS
Versions: NJS version 0.7.5 specifically
Operating Systems: All platforms running Nginx with NJS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when NJS module is explicitly enabled and configured in Nginx.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption through repeated process crashes, potentially enabling denial of service attacks against web applications.

🟠 Likely Case

Intermittent service disruptions and instability in Nginx processes handling JavaScript execution.

🟢 If Mitigated

Minimal impact if NJS module is disabled or proper input validation is implemented.

🌐 Internet-Facing: MEDIUM - Exploitable via HTTP requests but requires NJS module to be enabled and processing untrusted input.
🏢 Internal Only: LOW - Internal systems typically process trusted input, reducing exploitation likelihood.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept demonstrates crash via malformed UTF-8 input. Exploitation requires sending specially crafted requests to NJS endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NJS version 0.7.6 or later

Vendor Advisory: https://github.com/nginx/njs/issues/522

Restart Required: Yes

Instructions:

1. Update NJS to version 0.7.6 or later.
2. Recompile Nginx with updated NJS module.
3. Restart Nginx service.

🔧 Temporary Workarounds

Disable NJS Module

all

Temporarily disable NJS JavaScript processing if not required

# Remove or comment out njs directives in nginx.conf
# Example: remove 'js_import', 'js_content', 'js_set' directives
# (and 'js_include' in older configs; it was removed before njs 0.7.5)

Input Validation

all

Implement strict input validation for UTF-8 data before NJS processing

# Configure nginx location blocks to validate input
# Example: limit request sizes, validate content types

🧯 If You Can't Patch

  • Implement WAF rules to block malformed UTF-8 sequences
  • Monitor Nginx process health and implement automatic restart mechanisms

🔍 How to Verify

Check if Vulnerable:

Check NJS version: njs -v or examine nginx configuration for njs directives

Check Version:

njs -v

Verify Fix Applied:

Confirm NJS version is 0.7.6 or later and test with known malformed UTF-8 inputs

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in Nginx error logs
  • Process crashes with core dumps
  • Increased 502 Bad Gateway errors

Network Indicators:

  • Repeated requests with malformed UTF-8 sequences
  • Unusual patterns to NJS endpoints

SIEM Query:

source="nginx_error.log" AND ("exited on signal 11" OR "segmentation fault" OR "SIGSEGV" OR "core dumped")
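
An added example (not from this advisory or the nginx project) of matching the crash indicator in the error log: nginx's master process reports a crashed worker as "worker process N exited on signal 11", with " (core dumped)" appended only when core dumps are enabled. The sample log lines, the threshold and the window below are constructed assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# nginx master-process message for a worker killed by a signal; the
# " (core dumped)" suffix appears only when core dumps are enabled.
CRASH_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[\w+\] \d+#\d+: "
    r"worker process (?P<pid>\d+) exited on signal (?P<sig>\d+)(?P<core> \(core dumped\))?"
)
SIGSEGV = 11

def parse_crashes(lines):
    """Return (timestamp, pid, core_dumped) for each worker killed by SIGSEGV."""
    out = []
    for line in lines:
        m = CRASH_RE.match(line)
        if m and int(m["sig"]) == SIGSEGV:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            out.append((ts, int(m["pid"]), m["core"] is not None))
    return out

def crash_bursts(crashes, threshold=3, window=timedelta(seconds=60)):
    """Return timestamps at which `threshold` crashes fell within `window`."""
    recent, alerts = deque(), []
    for ts, _pid, _core in sorted(crashes):
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(ts)
    return alerts

# Constructed sample lines (not taken from a real incident).
SAMPLE_LOG = """\
2022/07/20 10:15:01 [alert] 1200#1200: worker process 1301 exited on signal 11
2022/07/20 10:15:09 [error] 1302#1302: *17 open() "/usr/share/nginx/html/favicon.ico" failed
2022/07/20 10:15:20 [alert] 1200#1200: worker process 1302 exited on signal 11 (core dumped)
2022/07/20 10:15:41 [alert] 1200#1200: worker process 1303 exited on signal 11
2022/07/20 10:40:00 [alert] 1200#1200: worker process 1304 exited on signal 15
2022/07/20 11:30:00 [alert] 1200#1200: worker process 1305 exited on signal 11
""".splitlines()

if __name__ == "__main__":
    crashes = parse_crashes(SAMPLE_LOG)
    print(f"{len(crashes)} SIGSEGV worker exits")
    for ts in crash_bursts(crashes):
        print("burst alert at", ts)
```

A single crash can have many causes; the burst check separates an isolated fault from the repeated crashes a denial-of-service attempt would produce.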
