Headline

CVE-2022-30974: [BUG] stack exhaustion in function `compile`, mujs · Issue #162 · ccxvii/mujs

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.

2 years ago

CVE

Open in Source

#ubuntu #js #git #c++#docker

My steps to reproduce via docker, if you failed in your environment, you could try the following.

docker pull ubuntu:22.04
# start a container 
apt update && apt install vim git gcc make g++ wget libreadline-dev unzip -y
vim /etc/apt/source.list
# add clang's source for ubuntu 22.04, which can be found in https://apt.llvm.org/
# add gpg key
wget  https://apt.llvm.org/llvm-snapshot.gpg.key  && apt-key add llvm-snapshot.gpg.key
apt install clang-12 -y
git clone https://github.com/ccxvii/mujs && pushd mujs
wget https://github.com/ccxvii/mujs/files/8694862/poc0.zip && unzip poc0.zip
CC=clang-12 make build=sanitize && ./build/sanitize/mujs poc0

Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.

6 months ago

Packet Storm

Open in Source

#vulnerability #web #mac #linux #js #java #rce

Debian Security Advisory 5291-1

Debian Linux Security Advisory 5291-1 - Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.

1 year ago

Packet Storm

Open in Source

#linux #debian #dos #js #java