Stack Buffer Overflow in mJS JavaScript Engine Affecting Cesanta Products
CVE-2021-33448

5.5MEDIUM

Key Information:

Vendor: Cesanta
Status: Mjs
Vendor: CVE Published:; 26 July 2022

What is CVE-2021-33448?

A stack buffer overflow vulnerability has been identified in the mJS Restricted JavaScript engine (ES6). This issue can potentially allow malicious actors to exploit the overflow, leading to unexpected behavior or errors in applications utilizing this JavaScript engine. The vulnerability manifests at a specific memory address (0x7fffe9049390), emphasizing the need for developers and systems integrators to apply relevant patches and updates to mitigate any associated risks.

References

https://github.com/cesanta/mjs/issues/170

x_refsource_MISC

https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f7...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2022
Vulnerability Reserved
May 20, 2021

CVE-2021-33448 Data

JSON