CVE-2023-49550

Vulnerability

Cesanta mjs version 2.20.0 (commit b1b6eac) is vulnerable to a segmentation violation when processing a crafted JavaScript input. The crash occurs at the address mjs+0x4ec508 during execution of a specific script that triggers a write to an invalid memory location. The vulnerability is reachable without special configuration; any application that parses untrusted JavaScript using this version of mjs is affected. [1]

Exploitation

An attacker can exploit this vulnerability by supplying a malicious JavaScript file to the mjs interpreter. The provided proof-of-concept script demonstrates the crash: it includes a series of operations such as JSON.parse and JSON.stringify on crafted strings, leading to a segmentation fault. The attacker does not require authentication or elevated privileges; only the ability to deliver the input to the interpreter is needed. The crash is confirmed via AddressSanitizer output showing a SEGV signal. [1]

Impact

Successful exploitation results in a denial of service (DoS) due to a segmentation fault that terminates the mjs process. The crash prevents further processing of JavaScript code, potentially disrupting services that rely on mjs. No evidence of arbitrary code execution or information disclosure is provided in the reference. [1]

Mitigation

As of the publication date, no official fix has been released for this vulnerability. The issue remains open on the project's GitHub repository. Users are advised to avoid processing untrusted JavaScript input with mjs 2.20.0 until a patch is available. If possible, consider using a different JavaScript engine or applying input validation to mitigate the risk. [1]