cesanta/mjs

SEGV in mjs_op_json_parse() at mjs.c:11364

vorfreuder opened this issue · 0 comments

The name of an affected Product
mjs

The affected version
Commit: b1b6eac (Tag: 2.20.0)

Description
An issue in cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the mjs.c file.

Vulnerability Type
segmentation violation

Environment

  • Operating System
      Distributor ID: Ubuntu
      Description:    Ubuntu 18.04.6 LTS
      Release:        18.04
      Codename:       bionic
  • Compiler
      Ubuntu clang version 12.0.1-++20211102090516+fed41342a82f-1~exp1~20211102211019.11
      Target: x86_64-pc-linux-gnu
      Thread model: posix

Steps to Reproduce
Download poc.zip, then

git clone https://github.com/cesanta/mjs
cd mjs
git checkout b1b6eac
clang -ggdb -O0 -DMJS_MAIN mjs.c -o mjs -ldl
unzip poc.zip
# run command
./mjs -f poc

ASAN Info

AddressSanitizer:DEADLYSIGNAL
=================================================================
==426==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x0000004ec7f2 bp 0x7ffe719b3d70 sp 0x7ffe719b34f8 T0)
==426==The signal is caused by a READ memory access.
==426==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x4ec7f2 in mjs_op_json_parse /mjs/mjs.c:11364
    #1 0x4ef755 in mjs_exec_internal /mjs/mjs.c:9044:5
    #2 0x4efa40 in mjs_exec_file /mjs/mjs.c:9067:11
    #3 0x4f787f in main /mjs/mjs.c:11423:11
    #4 0x7fd0e0cd8c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #5 0x41b7f9 in _start (/mjs/mjs+0x41b7f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mjs/mjs.c:11364 in mjs_op_json_parse
==426==ABORTING
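For triage, the useful content of the report above is the error kind, the access type, and the first frame inside the project tree (mjs.c:11364), which is also what you would key on to deduplicate further crashes of the same bug. The following parser is an added example, not part of this issue or of the mjs project: it extracts those fields from a sanitizer report and builds a dedup signature. The sample text is the report from this issue, embedded inline so the script runs offline, and the project prefix "/mjs/" is an assumption taken from the paths in the trace.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the ASAN report quoted in this issue, embedded so the script runs offline.
SAMPLE_REPORT = """AddressSanitizer:DEADLYSIGNAL
=================================================================
==426==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x0000004ec7f2 bp 0x7ffe719b3d70 sp 0x7ffe719b34f8 T0)
==426==The signal is caused by a READ memory access.
==426==Hint: this fault was caused by a dereference of a high value address (see register values below).  Disassemble the provided pc to learn which register was used.
    #0 0x4ec7f2 in mjs_op_json_parse /mjs/mjs.c:11364
    #1 0x4ef755 in mjs_exec_internal /mjs/mjs.c:9044:5
    #2 0x4efa40 in mjs_exec_file /mjs/mjs.c:9067:11
    #3 0x4f787f in main /mjs/mjs.c:11423:11
    #4 0x7fd0e0cd8c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
    #5 0x41b7f9 in _start (/mjs/mjs+0x41b7f9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /mjs/mjs.c:11364 in mjs_op_json_parse
==426==ABORTING
"""

# "==<pid>==ERROR: AddressSanitizer: <kind> <rest of line>"
ERROR_RE = re.compile(r"^==(\d+)==ERROR: AddressSanitizer: (\S+)(.*)$", re.M)
# "pc 0x..." appears both in SEGV lines ("(pc 0x...") and in overflow lines ("at pc 0x...")
PC_RE = re.compile(r"\bpc (0x[0-9a-fA-F]+)")
# "READ memory access" (signals) or "READ of size N" (overflows)
ACCESS_RE = re.compile(r"\b(READ|WRITE)(?: memory access| of size \d+)")
# "    #N 0x... in <function> <file:line[:col] or (module+offset)>"
FRAME_RE = re.compile(r"^\s*#(\d+) (0x[0-9a-fA-F]+) in (.+?) (\S+)$")


@dataclass
class Frame:
    index: int
    pc: str
    function: str
    location: str  # "file:line[:col]" or "(module+offset)" when no debug info


@dataclass
class AsanReport:
    pid: int
    error: str              # e.g. "SEGV", "heap-buffer-overflow"
    pc: Optional[str]
    access: Optional[str]   # "READ" / "WRITE" when the report states it
    frames: List[Frame] = field(default_factory=list)

    def crash_frame(self, project_prefix: str) -> Optional[Frame]:
        """First frame whose source path lies inside the project tree."""
        for f in self.frames:
            if f.location.startswith(project_prefix):
                return f
        return None

    def signature(self, project_prefix: str) -> str:
        """Dedup key: error kind, top in-project function and file:line.
        The column and the addresses are dropped because they vary between builds."""
        f = self.crash_frame(project_prefix)
        if f is None:
            return self.error
        file_line = ":".join(f.location.split(":")[:2])
        return f"{self.error}|{f.function}|{file_line}"


def parse_asan(text: str) -> AsanReport:
    """Parse the first AddressSanitizer report found in `text`."""
    m = ERROR_RE.search(text)
    if m is None:
        raise ValueError("no AddressSanitizer ERROR line found")
    pid, error, rest = int(m.group(1)), m.group(2), m.group(3)
    pc_m = PC_RE.search(rest)
    tail = text[m.end():]
    access_m = ACCESS_RE.search(tail)

    # Collect the first contiguous stack; reports with several stacks
    # (e.g. "allocated by thread T0 here:") separate them with non-frame lines.
    frames: List[Frame] = []
    for line in tail.splitlines():
        fm = FRAME_RE.match(line)
        if fm:
            frames.append(Frame(int(fm.group(1)), fm.group(2), fm.group(3), fm.group(4)))
        elif frames:
            break

    return AsanReport(
        pid=pid,
        error=error,
        pc=pc_m.group(1) if pc_m else None,
        access=access_m.group(1) if access_m else None,
        frames=frames,
    )


if __name__ == "__main__":
    report = parse_asan(SAMPLE_REPORT)
    top = report.crash_frame("/mjs/")
    print(f"{report.error} ({report.access}) at {top.function} {top.location}")
    print("signature:", report.signature("/mjs/"))
```

Running the script on the embedded report yields the signature `SEGV|mjs_op_json_parse|/mjs/mjs.c:11364`; feeding it the output of later fuzzing runs lets you group crashes by that key and see whether a new input hits the same line or a different one.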