CVE-2021-33448: AddressSanitizer: stack-buffer-overflow in <unknown module> · Issue #170 · cesanta/mjs

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is a stack buffer overflow at 0x7fffe9049390.


Open: Clingto opened this issue May 19, 2021 · 0 comments

System info:
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, mjs (latest master 4c870e5)
Compile Command:

$ gcc -fsanitize=address -fno-omit-frame-pointer -DMJS_MAIN mjs.c -ldl -g -o mjs

Run Command:

POC file:
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-module-stack-overflow

ASAN info:

ASAN:SIGSEGV
==10560==ERROR: AddressSanitizer: stack-overflow on address 0x7fffe9049390 (pc 0x7fffe9049390 bp 0x00000042572b sp 0x7fffe9049348 T0)
    #0 0x7fffe904938f (<unknown module>)

SUMMARY: AddressSanitizer: stack-overflow ??:0 ??
==10560==ABORTING
