CVE-2023-29570
Description
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cesanta MJS v2.20.0 has a segmentation fault in mjs_ffi_cb_free at src/mjs_ffi.c:982:24 causing denial-of-service.
Vulnerability
A segmentation fault (SEGV) vulnerability exists in Cesanta MJS version 2.20.0 in the function mjs_ffi_cb_free at src/mjs_ffi.c:982:24. The bug is triggered when processing a specially crafted JavaScript file (poc5.js) provided as a proof-of-concept [1][2]. The crash occurs due to a read access to an invalid memory address.
Exploitation
An attacker can exploit this vulnerability by supplying a malicious JavaScript file to the mjs interpreter. No authentication or special privileges are required; the attacker only needs the ability to execute mjs with the crafted file as input. The provided PoC file poc5.js triggers the crash upon execution, as demonstrated by AddressSanitizer output [1][2].
Impact
Successful exploitation leads to a denial-of-service (DoS) condition through a segmentation fault, causing the mjs interpreter to crash. This can disrupt services or applications relying on the MJS library.
Mitigation
As of the available references, no official patch or fixed version has been released [1][2]. Users should monitor the Cesanta MJS repository for updates. If the application is exposed to untrusted input, consider restricting access or using alternative JavaScript engines until a fix is available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Cesanta/MJSdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.