Описание
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."
Ссылки
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:cesanta:mongooseos_mjs:1.26:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.0055
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-193
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow.
EPSS
Процентиль: 67%
0.0055
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-193