Headline
CVE-2022-30974: [BUG] stack exhaustion in function `compile`, mujs · Issue #162 · ccxvii/mujs
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
My steps to reproduce via docker, if you failed in your environment, you could try the following.
docker pull ubuntu:22.04
# start a container
apt update && apt install vim git gcc make g++ wget libreadline-dev unzip -y
vim /etc/apt/source.list
# add clang's source for ubuntu 22.04, which can be found in https://apt.llvm.org/
# add gpg key
wget https://apt.llvm.org/llvm-snapshot.gpg.key && apt-key add llvm-snapshot.gpg.key
apt install clang-12 -y
git clone https://github.com/ccxvii/mujs && pushd mujs
wget https://github.com/ccxvii/mujs/files/8694862/poc0.zip && unzip poc0.zip
CC=clang-12 make build=sanitize && ./build/sanitize/mujs poc0
Related news
Gentoo Linux Security Advisory 202405-06
Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.
Debian Security Advisory 5291-1
Debian Linux Security Advisory 5291-1 - Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.