VYPR
Unrated severity · NVD Advisory · Published Apr 12, 2023 · Updated Feb 8, 2025

CVE-2023-29571

Description

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cesanta MJS v2.20.0 contains a SEGV vulnerability in gc_sweep that allows denial of service via a crafted JavaScript file.

Vulnerability

Cesanta MJS v2.20.0 contains a segmentation fault (SEGV) vulnerability in the garbage collector function gc_sweep at src/mjs_gc.c:190. The issue is triggered when processing a specially crafted JavaScript file, leading to an invalid memory read. The vulnerability is present in the mjs interpreter version 2.20.0 [1][2].

Exploitation

An attacker can exploit this vulnerability by providing a malicious JavaScript file (e.g., poc6.js) to the mjs interpreter. No authentication or special privileges are required; the victim simply runs the interpreter on the crafted file. The crash occurs during the garbage collection sweep phase, as illustrated by AddressSanitizer output showing a SEGV at gc_sweep [1][2].

Impact

Successful exploitation results in a denial of service (DoS) due to the crash of the mjs interpreter. The vulnerability does not lead to code execution or data corruption beyond the termination of the process. The impact is limited to disruption of service availability [1][2].

Mitigation

As of the publication date (April 12, 2023), no official fix or patched version has been released by the vendor. Users are advised to monitor the Cesanta MJS repository for updates or avoid processing untrusted JavaScript files. No workarounds are documented in the available references [1][2].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Cesanta/MJS (description)
  • Cesanta/mjs (llm-fuzzy)
    Range: = 2.20.0

Patches

0

No patches discovered yet.

References

2
