CVE-2023-49552
Description
An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the mjs.c file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cesanta mjs 2.20.0 has a stack overflow in mjs_op_json_stringify, enabling remote denial of service via crafted input.
Vulnerability
Cesanta mjs version 2.20.0 (commit b1b6eac) contains a stack overflow vulnerability in the mjs_op_json_stringify function within mjs.c [1]. This out-of-bounds write occurs when processing specially crafted JSON input, leading to a denial of service condition.
Exploitation
An attacker can exploit this vulnerability by providing a malicious input file (e.g., poc) to the mjs interpreter [1]. No authentication or special privileges are required; the attacker only needs to deliver the crafted input to the target system. The provided steps to reproduce involve compiling mjs with clang and running ./mjs -f poc, which triggers a stack overflow as confirmed by AddressSanitizer [1].
Impact
Successful exploitation results in a denial of service due to a stack overflow crash [1]. The ASAN report shows a DEADLYSIGNAL error, indicating the program terminates abnormally. No evidence of arbitrary code execution or data exfiltration is provided in the available references.
Mitigation
As of the publication date, no official patch has been released for this vulnerability [1]. Users are advised to avoid processing untrusted input with mjs version 2.20.0 and monitor the repository for future updates. If possible, consider using alternative JSON processing libraries until a fix is available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
- Cesanta/mjs
Patches
No patches discovered yet.
References: 1
News mentions
No linked articles in our index yet.