Buffer Overflow Vulnerability in MuJS JavaScript Engine by CCXVII
CVE-2020-22885

7.5HIGH

Key Information:

Vendor: Artifex
Status: Mujs
Vendor: CVE Published:; 13 July 2021

Summary

A buffer overflow vulnerability has been identified in the MuJS JavaScript engine prior to version 1.0.8. This vulnerability arises from excessive recursion during the garbage collection scanning phase, which can be exploited by remote attackers. Successful exploitation can lead to a denial of service, severely disrupting the functionality of applications that rely on the MuJS engine. Developers are advised to update to the latest version to mitigate the risks associated with this vulnerability.

References

https://github.com/ccxvii/mujs/issues/133

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Aug 13, 2020