EUVD-2021-33184

Malicious code in bioql PyPI...

Null pointer dereference

Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjsgetptr. This vulnerability allows attackers to execute arbitrary code via a crafted input...

CVE-2023-43338

CVE-2023-43338 affects Cesanta mjs v2.20.0. A vulnerability in the function mjs_get_ptr() enables function pointer hijacking that can lead to arbitrary code execution via crafted input. CVSS v3.1: Severity CRITICAL (9.8), Network attack vector, no user interaction required. A temporary workaround...

CVE-2023-29570

CVE-2023-29570 affects Cesanta MJS v2.20.0. A SEGV vulnerability via mjs_ffi_cb_free in src/mjs_ffi.c allows Denial of Service. Exploitation details are not provided in the connected sources beyond the SEGV/DoS impact. Red Hat and other feeds corroborate the issue. A temporary workaround from PT-...

CVE-2023-29569

CVE-2023-29569 affects Cesanta MJS v2.20.0. A SEGV/segmentation fault is triggered via ffi_cb_impl_wpwwwww in src/mjs_ffi.c, resulting in Denial of Service. Documents do not provide a patch version or explicit remediation; exploitation details are not listed.

Code injection

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gcsweep at src/mjsgc.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2023-29571

Cesanta MJS v2.20.0 is affected by a SEGV vulnerability via gc_sweep in src/mjs_gc.c, causing Denial of Service. The issue is confirmed across multiple feeds (NVD, Red Hat, CNVD, OSV, etc.). Affected component: Cesanta MJS engine; vulnerability type: segmentation fault leading to DoS; root cause:...

CVE-2021-46554

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjsjsonstringify at src/mjsjson.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2021-46535

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. This vulnerability can lead to a Denial of Service DoS...

CVE-2021-46532

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via execexpr at src/mjsexec.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2021-46525

Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjsapply at src/mjsexec.c...

CVE-2021-46539

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x8664-linux-gnu/libc.so.6+0x45a1f. This vulnerability can lead to a Denial of Service DoS...

CVE-2021-46544

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x8664-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service DoS...

CVE-2021-46511

There is an Assertion m-len = sizeofv' failed at src/mjscore.c in Cesanta MJS v2.20.0...

CVE-2021-46510

There is an Assertion s ownedstrings.buf + mjs-ownedstrings.len' failed at src/mjsgc.c in Cesanta MJS v2.20.0...

CVE-2021-46515

There is an Assertion mjsstacksize&mjs-scopes = scopeslen' failed at src/mjsexec.c in Cesanta MJS v2.20.0...

CVE-2021-46508

There is an Assertion i partscnt' failed at src/mjsbcode.c in Cesanta MJS v2.20.0...

CVE-2021-46509

Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjsjson.c...

CVE-2021-46514

There is an Assertion 'ppos != NULL && mjsisnumberppos' failed at src/mjscore.c in Cesanta MJS v2.20.0...

CVE-2021-46517

There is an Assertion mjsstacksize&mjs-scopes 0' failed at src/mjsexec.c in Cesanta MJS v2.20.0...