CVE-2022-29379: 
Linux Alpine vulnerability analysis and mitigation

Nginx NJS v0.7.3 was discovered to contain a stack overflow vulnerability in the function njsdefaultmoduleloader at /src/njs/src/njsmodule.c. This vulnerability has been disputed by multiple third parties, as the behavior was only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release (NVD).

The vulnerability was identified as a stack-based buffer overflow in the njsdefaultmodule_loader function. The issue was caused by a typo while calculating module path length, where the length variable was being incorrectly assigned instead of incremented (GitHub Commit). The vulnerability received a CVSS v3.1 Base Score of 9.8 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, the vulnerability could potentially lead to stack buffer overflow, which might allow attackers to execute arbitrary code or cause denial of service. However, since the vulnerability was only present in unreleased development code, the actual impact on production systems is minimal (NVD).

The issue was fixed in commit ab1702c7af9959366a5ddc4a75b4357d4e9ebdc1, which corrected the typo in the module path length calculation. Since the vulnerability never made it to a release version, no specific mitigation is required for production systems (GitHub Issue).