Descriptionnjs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
|National Vulnerability Database||SUSE|