CVE-2022-34031

7.5 HIGH

📋 TL;DR

CVE-2022-34031 is a segmentation violation vulnerability in the Nginx NJS JavaScript engine that could allow attackers to crash the Nginx process or potentially execute arbitrary code. It affects systems running Nginx with the NJS module enabled. The vulnerability occurs when converting JavaScript values to numbers in the njs_value_to_number function.

💻 Affected Systems

Products:
  • Nginx NJS module
Versions: NJS version 0.7.5
Operating Systems: Linux, BSD, Unix systems running Nginx
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when the NJS module is explicitly enabled and configured in Nginx. Standard Nginx installations without NJS are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or service disruption.

🟠 Likely Case: Denial of service through Nginx process crashes, disrupting web services and applications.

🟢 If Mitigated: Limited impact with proper segmentation and monitoring, potentially just service restarts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted JavaScript to trigger the segmentation violation. The GitHub issue contains technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NJS version 0.7.6 or later

Vendor Advisory: https://github.com/nginx/njs/issues/523

Restart Required: Yes

Instructions:

1. Update NJS module to version 0.7.6 or later.
2. Recompile Nginx with updated NJS if using source build.
3. Restart Nginx service.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Disable NJS module

all

Temporarily disable the NJS JavaScript module if not required for functionality.

# Remove or comment out NJS-related directives in nginx.conf
# Example: remove 'js_include', 'js_set', 'js_content' directives

Restrict NJS usage

all

Limit NJS usage to trusted contexts and implement input validation.

# Add input validation in NJS scripts
# Example: validate all external inputs before processing

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all NJS script inputs
  • Deploy WAF rules to detect and block suspicious JavaScript patterns targeting NJS

🔍 How to Verify

Check if Vulnerable:

Check the NJS version with njs -v, or grep for the NJS version in the nginx -V output. If the version is 0.7.5 and NJS is enabled, the system is vulnerable.

Check Version:

njs -v 2>/dev/null || nginx -V 2>&1 | grep -i njs

Verify Fix Applied:

Verify that the NJS version is 0.7.6 or later: njs -v should show the patched version. Test that NJS functionality remains operational.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in Nginx error logs
  • Unexpected Nginx worker process crashes
  • Core dumps in /var/log or system directories

Network Indicators:

  • Sudden HTTP 502/503 errors from Nginx
  • Unusual JavaScript payloads in HTTP requests

SIEM Query:

source="nginx_error.log" AND ("segmentation fault" OR "SIGSEGV" OR "core dumped")
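
The log indicators and SIEM query above, as an added shell example (not part of the original advisory): it filters an nginx error log for the query's terms plus the "exited on signal 11" message that the nginx master process writes when a worker dies from a segmentation fault, then counts crashes per hour. The sample log lines are constructed, and the function names and the threshold of 2 are assumptions.

```shell
#!/bin/sh
# Added example: flag hours with repeated nginx worker crashes.
# Terms from the page's SIEM query, plus nginx's own wording for a worker
# killed by signal 11 (SIGSEGV), which is logged with or without "(core dumped)".
CRASH_RE='segmentation fault|SIGSEGV|core dumped|exited on signal 11( |$)'

# Constructed sample lines in nginx error_log format (not real incident data).
sample_log() {
cat <<'EOF'
2022/07/20 10:01:12 [error] 2201#2201: *17 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory)
2022/07/20 10:03:40 [alert] 2200#2200: worker process 2201 exited on signal 11 (core dumped)
2022/07/20 10:03:41 [notice] 2200#2200: start worker process 2210
2022/07/20 10:15:02 [alert] 2200#2200: worker process 2210 exited on signal 11
2022/07/20 11:20:09 [alert] 2200#2200: worker process 2215 exited on signal 11 (core dumped)
2022/07/20 11:45:00 [notice] 2200#2200: signal 17 (SIGCHLD) received from 2215
EOF
}

# crash_lines: read an error log on stdin, print only the crash lines.
crash_lines() {
    grep -E -i "$CRASH_RE"
}

# crashes_per_hour: read an error log on stdin, print "DATE HOUR COUNT" per hour.
crashes_per_hour() {
    crash_lines |
        awk '{ split($2, t, ":"); n[$1 " " t[1]]++ }
             END { for (k in n) print k, n[k] }' |
        sort
}

# alert_hours THRESHOLD: print "DATE HOUR" for hours with COUNT >= THRESHOLD.
alert_hours() {
    crashes_per_hour | awk -v th="$1" '$3 >= th { print $1 " " $2 }'
}

# Stand-alone run on the constructed sample; on a real host, feed the
# configured error_log file instead, e.g.: alert_hours 2 < /path/to/error.log
sample_log | alert_hours 2
```

The second constructed crash line has no "(core dumped)" suffix, so it is caught only by the added "exited on signal 11" term and not by the three terms in the SIEM query.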
