{"id":"CVE-2022-35173","details":"An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.","modified":"2026-04-11T23:41:55.051577Z","published":"2022-08-18T06:15:07.280Z","references":[{"type":"REPORT","url":"https://github.com/nginx/njs/issues/553"},{"type":"FIX","url":"http://hg.nginx.org/njs/rev/b7c4e0f714a9"},{"type":"FIX","url":"https://github.com/nginx/njs/commit/404553896792b8f5f429dc8852d15784a59d8d3e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nginx/njs","events":[{"introduced":"0"},{"last_affected":"37dc1e788060ba17cdcd6e3fd2695177c9d7aa38"},{"fixed":"404553896792b8f5f429dc8852d15784a59d8d3e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.7.5"}]}}],"versions":["0.1.0","0.1.1","0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.2.0","0.2.1","0.2.2","0.2.3","0.2.4","0.2.5","0.2.6","0.2.7","0.2.8","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.3.5","0.3.6","0.3.7","0.3.8","0.3.9","0.4.0","0.4.1","0.4.2","0.4.3","0.4.4","0.5.0","0.5.1","0.5.2","0.5.3","0.6.0","0.6.1","0.6.2","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5"],"database_specific":{"vanir_signatures_modified":"2026-04-11T23:41:55Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35173.json","vanir_signatures":[{"target":{"file":"src/njs_generator.c","function":"njs_generate_try_end"},"deprecated":false,"id":"CVE-2022-35173-4378f8a0","source":"https://github.com/nginx/njs/commit/404553896792b8f5f429dc8852d15784a59d8d3e","signature_type":"Function","digest":{"function_hash":"304029516047076007140133536908263875321","length":1546},"signature_version":"v1"},{"target":{"file":"src/njs_generator.c"},"deprecated":false,"id":"CVE-2022-35173-489a113a","source":"https://github.com/nginx/njs/commit/404553896792b8f5f429dc8852d15784a59d8d3e","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["224699747579391325238831959343261633136","52056593301345868156133187946512523968","185166471147926133279267508134815891530","223962460441088112010421191931167778567","111285792979142093917006186897021375080","11419336829417016789537071884973585241","108587633537507210242609878158511307392","253754656440548818088749855167038233632","119396003708655793939043004706493753335","202894104238663237536306831230273595496","304285341048027117825203959884466812487","261703387443705524283148283861347027165","223962460441088112010421191931167778567","111285792979142093917006186897021375080","11419336829417016789537071884973585241","321650022450988414625152546050505572726"]},"signature_version":"v1"},{"target":{"file":"src/njs_generator.c","function":"njs_generate_try_catch"},"deprecated":false,"id":"CVE-2022-35173-e548101c","source":"https://github.com/nginx/njs/commit/404553896792b8f5f429dc8852d15784a59d8d3e","signature_type":"Function","digest":{"function_hash":"308183539393987763383279632380141094769","length":1199},"signature_version":"v1"},{"target":{"file":"src/test/njs_unit_test.c"},"deprecated":false,"id":"CVE-2022-35173-f5a9baa4","source":"https://github.com/nginx/njs/commit/404553896792b8f5f429dc8852d15784a59d8d3e","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["68824721654271214470007509025733089349","119537499777861277673241192577645023772","46047927877222704196910641765542344296","215122680273465019952994184342902706408","236361956205353044532968203584505879341"]},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}