Description
Cesanta MJS 2.20.0 has a getprop_builtin_foreign out-of-bounds read if a Built-in API name occurs in a substring of an input string.
References
- Exploit, Issue Tracking
- Patch
- Exploit, Issue Tracking
- Patch
Vulnerable configurations
Configuration 1
cpe:2.3:a:cesanta:mjs:2.22.0:*:*:*:*:*:*:*
EPSS: 0.00106 (Low), percentile: 29%
CVSS3: 9.8 Critical
Weaknesses
CWE-120
Related vulnerabilities
CVSS3: 9.8
github
about 2 years ago
Buffer overflow vulnerability in Cesanta MJS version 2.22.0 allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via a segmentation fault that can occur in getprop_builtin_foreign when the input string includes the name of a built-in API.