Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
The vulnerability is triggered when a built-in API name appears as a substring in the processed input string. In such a situation, the getprop_builtin_foreign function performs an out-of-bounds read. Lack of validation of length or boundaries of the processed string leads to uncontrolled memory access.
An attacker can cause disclosure of sensitive data from process memory, compromise integrity or availability of the application — in the worst case leading to its crash or enabling further exploitation activities.
Patches available from the vendor should be applied according to references (fix available in the project repository on GitHub as pull request #255). Update to a version containing the implemented fix is recommended.
Cesanta MJS version 2.20.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCesanta Mjs
APPCesanta2.22.0
Related vulnerabilities
Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_...
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_gc functio...
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse...
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos ...
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 comp...