VYPR
Unrated severity · NVD Advisory · Published May 9, 2023 · Updated Jan 29, 2025

CVE-2023-30088

Description

An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An invalid memory read in Cesanta MJS v1.26's mjs_execute function allows a local attacker to cause a denial of service via a crafted input.

Vulnerability

A vulnerability in Cesanta MJS v1.26 (commit d6c06a6) allows a local attacker to cause a denial of service via an invalid memory read in the mjs_execute function at mjs.c:9320. The issue occurs when processing a specially crafted JavaScript file, as demonstrated by a proof-of-concept (PoC) that triggers a segmentation fault when executed. This is an out-of-bounds or null pointer write access, as indicated by the AddressSanitizer report showing a SEGV on address 0x0. [1]

Exploitation

To exploit, an attacker needs local access to the system and the ability to run the mjs_asan (or mjs) executable with a crafted input file. The steps involve downloading the PoC, compiling mjs with AddressSanitizer, and executing the binary with the -f flag pointing to the malicious file. The invalid memory access is triggered during the execution of mjs_execute, causing immediate termination. [1]

Impact

Successful exploitation results in a denial of service (DoS) condition: the mjs process crashes due to a segmentation fault (invalid memory write to address 0x0). This can be used by an attacker to disrupt services relying on the MJS library. The impact is limited to availability (CIA: availability loss), with no indication of code execution or data exposure. [1]

Mitigation

As of the publication date (2023-05-09), no official fix has been released for CVE-2023-30088 in Cesanta MJS v1.26. Users should monitor the project repository [1] for updates. Until a patch is available, avoid processing untrusted JavaScript files with the affected version. There is no known workaround that eliminates the vulnerability. [1]

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Cesanta/MJS (description)
  • Cesanta/mjs (llm-fuzzy)
    Range: =1.26

Patches

0

No patches discovered yet.

References

1
