CVE-2022-30974: [BUG] stack exhaustion in function `compile`, mujs · Issue #162 · ccxvii/mujs

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
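
The usual fix for this failure class, unbounded recursion on a deeply nested pattern, is an explicit depth budget checked on every recursive descent. The following C sketch is an added example, not MuJS code: the toy grammar, `MAX_DEPTH`, `re_check` and `nested` are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_DEPTH 1024   /* assumed budget for this sketch, not a MuJS constant */
enum { RE_OK = 0, RE_SYNTAX = -1, RE_TOO_DEEP = -2 };
static int parse_alt(const char **p, int depth);

/* atom := '(' alt ')' | any character other than ')' and '|' */
static int parse_atom(const char **p, int depth) {
    if (**p == '(') {
        ++*p;
        int rc = parse_alt(p, depth + 1);   /* the only recursive edge */
        if (rc != RE_OK) return rc;
        if (**p != ')') return RE_SYNTAX;   /* unterminated group */
    }
    ++*p;                                   /* consume ')' or the literal */
    return RE_OK;
}

/* alt := cat ('|' cat)* ; cat := atom* */
static int parse_alt(const char **p, int depth) {
    if (depth > MAX_DEPTH) return RE_TOO_DEEP;  /* fail before the stack does */
    for (;;) {
        while (**p && **p != ')' && **p != '|') {
            int rc = parse_atom(p, depth);
            if (rc != RE_OK) return rc;
        }
        if (**p != '|') return RE_OK;
        ++*p;
    }
}

/* Validate a pattern: returns RE_OK, RE_SYNTAX or RE_TOO_DEEP. */
int re_check(const char *pattern) {
    const char *p = pattern;
    int rc = parse_alt(&p, 0);
    if (rc == RE_OK && *p != '\0') return RE_SYNTAX;   /* stray ')' */
    return rc;
}

/* Constructed input: n nested groups "(((...a...)))". Caller frees. */
char *nested(size_t n) {
    char *s = malloc(2 * n + 2);
    if (!s) return NULL;
    memset(s, '(', n);
    s[n] = 'a';
    memset(s + n + 1, ')', n);
    s[2 * n + 1] = '\0';
    return s;
}
```

Without the `depth` check, the recursion depth of `parse_alt` is set entirely by the input, which is the condition the CVE description calls unlimited recursion.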

My steps to reproduce via Docker. If you failed in your environment, you could try the following.

docker pull ubuntu:22.04
# start a container; the remaining commands run inside it
docker run -it ubuntu:22.04 bash
apt update && apt install vim git gcc make g++ wget libreadline-dev unzip -y
vim /etc/apt/sources.list
# add clang's source for ubuntu 22.04, which can be found in https://apt.llvm.org/
# add gpg key
wget https://apt.llvm.org/llvm-snapshot.gpg.key && apt-key add llvm-snapshot.gpg.key
apt install clang-12 -y
git clone https://github.com/ccxvii/mujs && pushd mujs
wget https://github.com/ccxvii/mujs/files/8694862/poc0.zip && unzip poc0.zip
CC=clang-12 make build=sanitize && ./build/sanitize/mujs poc0

Related news

Gentoo Linux Security Advisory 202405-06

Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.

Debian Security Advisory 5291-1

Debian Linux Security Advisory 5291-1 - Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.
