CVE-2022-34029

9.1 CRITICAL

📋 TL;DR

CVE-2022-34029 is an out-of-bounds read vulnerability in Nginx NJS (JavaScript engine) that could allow attackers to read sensitive memory contents or cause denial of service. It affects systems running Nginx with the NJS module enabled. The vulnerability is in the njs_scope_value function and has a CVSS score of 9.1 (Critical).

💻 Affected Systems

Products:
  • Nginx NJS (JavaScript engine for Nginx)
Versions: NJS version 0.7.4 specifically
Operating Systems: All operating systems running Nginx with NJS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if NJS module is explicitly enabled and configured in Nginx. Default Nginx installations without NJS are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if combined with other vulnerabilities, or sensitive information disclosure from memory.

🟠 Likely Case

Denial of service causing Nginx worker processes to crash, potentially disrupting web services.

🟢 If Mitigated

Limited impact with proper network segmentation and minimal NJS usage, though still presents availability risk.

🌐 Internet-Facing: HIGH - Nginx is commonly internet-facing and the vulnerability can be triggered via HTTP requests if NJS is enabled.
🏢 Internal Only: MEDIUM - Still significant risk for internal services, but attack surface is more limited than internet-facing systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof of concept demonstrates triggering the out-of-bounds read. Full weaponization for RCE would require additional exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NJS version 0.7.5 and later

Vendor Advisory: https://github.com/nginx/njs/issues/506

Restart Required: Yes

Instructions:

1. Update NJS to version 0.7.5 or later.
2. Recompile Nginx with updated NJS module if using source build.
3. Restart Nginx service.
4. For package managers: use appropriate update command (apt-get upgrade nginx-module-njs, yum update nginx-module-njs, etc.)

🔧 Temporary Workarounds

Disable NJS Module

linux

Temporarily disable NJS functionality if not required

Comment out or remove 'js_include' and 'js_content' directives in nginx.conf
Reload nginx: nginx -s reload

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to Nginx services
  • Deploy web application firewall (WAF) rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check NJS version: nginx -V 2>&1 | grep njs or check nginx configuration for js_* directives

Check Version:

nginx -V 2>&1 | grep njs

Verify Fix Applied:

Verify NJS version is 0.7.5 or higher: nginx -V 2>&1 | grep njs

📡 Detection & Monitoring

Log Indicators:

  • Nginx worker process crashes
  • Segmentation fault errors in error.log
  • Unusual memory access patterns

Network Indicators:

  • HTTP requests triggering NJS functionality followed by service disruption

SIEM Query:

source="nginx_error.log" AND ("segmentation fault" OR "SIGSEGV" OR "worker process")
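
The log indicators above can be narrowed to worker processes that were killed by a signal, since "worker process" alone also matches routine start and exit lines. The following is an added example, not part of the original advisory; the function names and the sample log lines are constructed for illustration, and it assumes the standard nginx error.log wording "worker process <pid> exited on signal <n>".

```shell
#!/bin/sh
# Added example: summarise nginx worker exits caused by a signal.
# Assumes error.log lines of the form
#   "... worker process <pid> exited on signal <n> ..."

# count_signal_exits FILE -> prints "<signal> <count>" per line, sorted by signal
count_signal_exits() {
    awk '
        /worker process [0-9]+ exited on signal [0-9]+/ {
            # the signal number is the field following "on signal"
            for (i = 2; i < NF; i++)
                if ($i == "signal" && $(i-1) == "on") { seen[$(i+1)]++; break }
        }
        END { for (s in seen) print s, seen[s] }
    ' "$1" | sort -n
}

# segv_count FILE -> prints the number of signal 11 (SIGSEGV) worker exits
segv_count() {
    count_signal_exits "$1" | awk '$1 == 11 { n = $2 } END { print n + 0 }'
}

# Constructed sample log (hypothetical PIDs and timestamps, not from a real incident)
sample_log() {
    cat <<'EOF'
2022/07/20 10:14:02 [notice] 911#911: start worker process 915
2022/07/20 10:15:40 [alert] 911#911: worker process 915 exited on signal 11 (core dumped)
2022/07/20 10:15:40 [notice] 911#911: start worker process 922
2022/07/20 10:15:58 [alert] 911#911: worker process 922 exited on signal 11 (core dumped)
2022/07/20 10:15:58 [notice] 911#911: start worker process 930
2022/07/20 11:02:13 [alert] 911#911: worker process 930 exited on signal 9
2022/07/20 11:30:00 [notice] 911#911: worker process 941 exited with code 0
EOF
}

# Stand-alone demo on the constructed sample
tmp=$(mktemp) && sample_log > "$tmp"
count_signal_exits "$tmp"
echo "SIGSEGV worker exits: $(segv_count "$tmp")"
rm -f "$tmp"
```

Repeated signal 11 exits shortly after requests to locations handled by js_* directives are the pattern to alert on; clean exits ("exited with code 0") and worker starts are ignored.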
