Open vorfreuder opened 8 months ago
The name of an affected Product mjs
The affected version Commit: b1b6eac (Tag: 2.20.0)
Description An issue in cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the mjs.c file.
Vulnerability Type Out-of-bounds Write
Environment
    Distributor ID: Ubuntu
    Description: Ubuntu 18.04.6 LTS
    Release: 18.04
    Codename: bionic

    Ubuntu clang version 12.0.1-++20211102090516+fed41342a82f-1~exp1~20211102211019.11
    Target: x86_64-pc-linux-gnu
    Thread model: posix
Steps to Reproduce
Download poc.zip, then:

    git clone https://github.com/cesanta/mjs
    cd mjs
    git checkout b1b6eac
    clang -ggdb -O0 -DMJS_MAIN mjs.c -o mjs -ldl
    unzip poc.zip
    # run command
    ./mjs -f poc
ASAN Info
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==141==ERROR: AddressSanitizer: stack-overflow on address 0x0000c40cc508 (pc 0x0000004ec73d bp 0x7fffc40cc510 sp 0x0000c40cc508 T0)
        #0 0x4ec73d in mjs_op_json_stringify /mjs/mjs.c:11362:1
        #1 0x4ef755 in mjs_exec_internal /mjs/mjs.c:9044:5
        #2 0x4efa40 in mjs_exec_file /mjs/mjs.c:9067:11
        #3 0x4f75b9 in main /mjs/mjs.c:11406:13
        #4 0x7fbe53915c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
        #5 0x41b7f9 in _start (/mjs/mjs+0x41b7f9)

    SUMMARY: AddressSanitizer: stack-overflow /mjs/mjs.c:11362:1 in mjs_op_json_stringify
    ==141==ABORTING