CVE-2023-27728

7.5 HIGH

📋 TL;DR

This vulnerability in Nginx NJS v0.7.10 allows attackers to trigger a segmentation violation via the njs_dump_is_recursive function, potentially causing denial of service or arbitrary code execution. It affects systems running Nginx with the NJS module enabled. The vulnerability stems from improper bounds checking in memory operations.

💻 Affected Systems

Products:
  • Nginx NJS
Versions: v0.7.10 specifically
Operating Systems: All platforms running Nginx with NJS
Default Config Vulnerable: ✅ No
Notes: Only affects systems where NJS module is explicitly enabled and configured in Nginx.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, or persistent backdoor installation.

🟠 Likely Case: Denial of service causing Nginx/NJS process crashes and service disruption.

🟢 If Mitigated: Limited impact with proper segmentation and process isolation, potentially just service restart.

🌐 Internet-Facing: HIGH - Nginx is commonly internet-facing and the vulnerability can be triggered remotely.
🏢 Internal Only: MEDIUM - Internal systems running vulnerable NJS could be exploited by authenticated attackers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Segmentation violation vulnerabilities often require specific conditions to achieve code execution beyond DoS.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.7.11 or later

Vendor Advisory: https://github.com/nginx/njs/issues/618

Restart Required: Yes

Instructions:

1. Update NJS to v0.7.11 or later.
2. Recompile Nginx with updated NJS if using source build.
3. Restart Nginx service.

🔧 Temporary Workarounds

Disable NJS Module (platform: all)

Remove or comment out the NJS module configuration in nginx.conf:

# Remove 'js_include' and 'js_set' directives from nginx.conf
# Remove 'js_content' and 'js_access' directives

Process Isolation (platform: linux)

Run Nginx in a container with limited privileges:

docker run --security-opt=no-new-privileges --cap-drop=ALL nginx

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to Nginx instances
  • Deploy WAF rules to detect and block suspicious NJS-related requests

🔍 How to Verify

Check if Vulnerable:

Check the NJS version with njs -v, or examine the Nginx configuration for NJS module usage.

Check Version:

njs -v

Verify Fix Applied:

Confirm NJS version is v0.7.11 or later: njs -v

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in Nginx error logs
  • Process crashes with core dumps
  • Unusual memory access patterns

Network Indicators:

  • Unexpected requests to NJS endpoints
  • Traffic patterns causing Nginx restarts

SIEM Query:

source="nginx_error.log" AND ("segmentation fault" OR "SIGSEGV")
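
The version check and log indicators above, combined into one shell triage helper. This is an added example, not code from nginx or njs. The function names are hypothetical, the log lines are constructed, and the version string is assumed to be a dotted triple.

```shell
#!/bin/sh
# Added example for CVE-2023-27728 triage; not code from nginx or njs.

# classify_njs_version VERSION -> affected | fixed | not-listed | unparseable
# Assumption: VERSION is a dotted triple (optionally prefixed with "v").
classify_njs_version() {
    printf '%s\n' "${1#v}" | awk -F. '
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+$/ { print "unparseable"; exit }
        {
            n = $1 * 1000000 + $2 * 1000 + $3   # 0.7.10 -> 7010
            if (n == 7010)      print "affected"    # only version the page lists
            else if (n >= 7011) print "fixed"       # v0.7.11 or later
            else                print "not-listed"
        }'
}

# count_worker_segv FILE -> number of processes that died on signal 11.
# nginx reports this as "exited on signal 11"; the words "segmentation fault"
# and "SIGSEGV" do not appear in that message.
count_worker_segv() {
    grep -c -E 'exited on signal 11( |$)' "$1" || true
}

# segv_per_minute FILE -> "DATE HH:MM COUNT" lines, to spot crash loops.
segv_per_minute() {
    awk '/exited on signal 11( |$)/ { c[$1 " " substr($2, 1, 5)]++ }
         END { for (k in c) print k, c[k] }' "$1" | sort
}

# Constructed sample of nginx error-log lines (not from a real host).
sample_log() {
    cat <<'EOF'
2023/04/01 12:00:01 [alert] 1234#1234: worker process 1240 exited on signal 11 (core dumped)
2023/04/01 12:00:07 [alert] 1234#1234: worker process 1251 exited on signal 11 (core dumped)
2023/04/01 12:00:09 [error] 1252#1252: *7 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory)
2023/04/01 12:03:40 [alert] 1234#1234: worker process 1252 exited on signal 11
2023/04/01 12:05:00 [alert] 1234#1234: worker process 1260 exited on signal 15
EOF
}

log=$(mktemp)
sample_log > "$log"
echo "njs 0.7.10: $(classify_njs_version 0.7.10)"
echo "SIGSEGV worker exits: $(count_worker_segv "$log")"
segv_per_minute "$log"
rm -f "$log"
```

Several signal 11 exits within the same minute point to a crash loop rather than a one-off fault, which is worth alerting on separately from a single crash.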
