84 matches found
CVE-2024-35384
Cesanta MJS 2.20.0 contains a DoS vulnerability in mjs_array_length (mjs.c) due to improper handling of incoming error messages. A remote attacker could trigger the issue to cause denial of service. Affected product is the embedded JavaScript engine; no patch/version remediation details are provi...
CVE-2020-18392
Cesanta MJS 1.20.1 contains a stack overflow in the parse_array function, enabling remote DoS via a crafted file. Affected: Cesanta MJS 1.20.1. Root cause: stack overflow in parse_array; impact is Denial of Service. Some sources suggest a workaround (disable the parse array function) until a fix;...
CVE-2020-36368
CVE-2020-36368 affects Cesanta MJS 1.20.1. A stack overflow vulnerability exists in parse_statement that allows remote attackers to cause a Denial of Service via a crafted file. Multiple security trackers (NVD, Red Hat, CNVD, OSV, CVE lists) reflect this issue; exploitation details or fixed versi...
CVE-2023-50044
CVE-2023-50044 affects Cesanta MJS; the vulnerability is an out-of-bounds read in getprop_builtin_foreign when a Built-in API name appears within a substring of input. Public records converge on Cesanta MJS versions 2.20.0 (and related advisories noting 2.20.0–2.22.0 in some sources). Red Hat and...
CVE-2020-36371
CVE-2020-36371 affects Cesanta MJS 1.20.1, with a stack overflow in parse_mul_div_rem that can be triggered by a crafted input file to cause a Denial of Service. The vulnerability is documented across multiple sources (NVD, Red Hat, CNVD, OSV, CVE lists). Reported impact is DoS; attack vector inv...
CVE-2020-36366
The CVE-2020-36366 entry maps to Cesanta MJS 1.20.1 and describes a stack overflow vulnerability in the parse_value function. The impact is a Denial of Service via crafted files, with no explicit exploitation details provided in the connected documents. No remediation details are included in the ...
CVE-2020-36370
Summary: CVE-2020-36370 is a stack overflow vulnerability in the Cesanta MJS engine, specifically in the parse_unary function of version 1.20.1. The issue can allow a remote attacker to cause a Denial of Service by supplying a crafted file. The connected sources confirm the vulnerability details ...
CVE-2024-35386
CVE-2024-35386 affects Cesanta mjs 2.20.0. The issue is in the mjs_do_gc function (mjs.c) and enables remote attackers to cause a denial of service. The CVSS v3.1 base score is 7.5 (Network, Low complexity, No privileges, no user interaction; Availability impact). Public details consistently desc...
CVE-2020-36375
CVE-2020-36375 affects Cesanta MJS 1.20.1, with a stack overflow in parse_equality. The vulnerability allows a crafted file to trigger a Denial of Service. The connected records corroborate the root cause (parse_equality stack overflow) and the impact (DoS) but do not provide remediation or patch...
CVE-2020-36372
CVE-2020-36372 is a stack overflow vulnerability in Cesanta MJS 1.20.1 affecting the parse_plus_minus function. The provided connected documents consistently describe a DoS condition exploitable via crafted files. No explicit remediation, patch version, or exploit details are present in the suppl...
CVE-2020-36374
CVE-2020-36374 describes a stack overflow vulnerability in Cesanta MJS 1.20.1, specifically in the parse_comparison function. The issue allows a crafted file to trigger a Denial of Service. The connected sources confirm the affected component and the root cause as a stack overflow in parse_compar...
CVE-2020-36369
Cesanta MJS 1.20.1 is affected by a stack overflow in parse_statement_list, enabling a crafted file to trigger a Denial of Service. The vulnerability is reported across multiple sources (CVE-2020-36369). No remediation or fix details are provided in the connected documents.
CVE-2020-36373
Cesanta MJS (embedded JavaScript engine for C/C++) v1.20.1 contains a stack overflow in parse_shifts that can be triggered by a crafted file, enabling remote attackers to cause a Denial of Service. The vulnerability is documented across multiple feeds (CVE-2020-36373 and related references). No r...
CVE-2020-36367
CVE-2020-36367 describes a stack overflow in Cesanta MJS 1.20.1’s parse_block. The vulnerability allows a DoS via a crafted file, as stated across multiple sources (e.g., CNVD, NVD, Red Hat). Affected software: Cesanta MJS 1.20.1 (embedded JavaScript engine for C/C++). Underlying cause: stack ove...
CVE-2021-33442
The CVE concerns Cesanta MJS (mJS) embedded JavaScript engine. A NULL pointer dereference in json_printf() (mjs.c) is identified as the underlying flaw. Documented impacts indicate a HIGH availability impact with MEDIUM overall risk (CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), and the vulner...
CVE-2021-33446
CVE-2021-33446 affects Cesanta’s mJS embedded JavaScript engine (mJS/mjs.c). The issue is a NULL pointer dereference in function mjs_next(), leading to a potential crash. Public documentation in the NVD entry notes a MEDIUM base CVSS score (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) with LOCAL attack v...
CVE-2021-33445
CVE-2021-33445 affects the Cesanta mJS embedded JavaScript engine (mjs.c) and is caused by a NULL pointer dereference in mjs_string_char_code_at(). The issue is documented across multiple feeds (NVD, Red Hat, OSV, CVE records) with the CVSSv3.1 base score 5.5 (Medium) indicating local access is r...
CVE-2021-46530
CVE-2021-46530 affects Cesanta MJS v2.20.0, with a SEGV vulnerability in the mjs_execute path (src/mjs_exec.c) that can cause a Denial of Service. The available documents identify the vulnerable component as the embedded JavaScript engine in Cesanta MJS and specify the fault as a segmentation fau...
CVE-2021-33444
CVE-2021-33444 affects the embedded JavaScript engine Cesanta MJS (mJS). The issue is a NULL pointer dereference in the function getprop_builtin_foreign() inside mjs.c, which could lead to a crash or instability in affected builds. The CVE entry, sourced from multiple vendors and databases, consi...
CVE-2021-46511
The CVE refers to Cesanta MJS (embedded JavaScript engine) v2.20.0 where an assertion in mjs_core.c (m->len >= sizeof(v)) can be triggered, leading to a denial of service. Public details consistently describe a DoS impact but do not document a specific vulnerable component beyond mjs_core.c...
CVE-2021-46518
CVE-2021-46518 affects Cesanta MJS v2.20.0 and is caused by a heap buffer overflow in the mjs_disown function (src/mjs_core.c). The connected sources confirm a heap overflow condition, with CP partial/INT/AVAIL impacts per CVSS, but the specific exploit details, affected OS/vendor version ranges,...
CVE-2021-46527
Cesanta MJS v2.20.0 contains a heap buffer overflow triggered by mjs_get_cstring in src/mjs_string.c. This CVE (CVE-2021-46527) is documented with a CVSS v3.1 base score of 7.8 (HIGH) [attack vector: LOCAL, attack complexity: LOW, privileges required: NONE, user interaction: REQUIRED; confidentia...
CVE-2021-46550
Cesanta MJS 2.20.0 has a SEGV vulnerability via free_json_frame in src/mjs_json.c that can cause a Denial of Service. The CVE-2021-46550 entry states the impact as DoS but does not provide concrete exploit details, affected vectors, or versions beyond 2.20.0. Connected documents do not add additi...
CVE-2021-33439
CVE-2021-33439 describes an integer overflow in the mjs (mJS: Restricted JavaScript engine) project, specifically in the function gc_compact_strings() within mjs.c. The vulnerability affects the embedded JavaScript engine used in ES6 contexts and is documented across multiple sources (NVD, Red Ha...
CVE-2021-46549
Cesanta MJS v2.20.0 is affected. The vulnerability is a SEGV in the parser, specifically parse_cval_type in src/mjs_ffi.c, leading to Denial of Service. Affected component: MJS engine (embedded JavaScript for C/C). Root cause: segmentation fault triggered during cval type parsing. Impact: DoS. Ex...
CVE-2024-35385
An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_ffi_sig function in mjs.c. The CVSSv3.1 base score is 4.3 (Medium) with network access, low attack complexity, and low privileges required. APT/exploitation details are not provided; PT-2024-26471 ...
CVE-2021-46526
Cesanta MJS v2.20.0 contains a global buffer overflow via snquote in src/mjs_json.c. Affected component: MJS (embedded JavaScript engine for C/C). Root cause: buffer overflow in snquote. Impact (as per sources): high confidentiality, integrity, and availability. Attack vector: LOCAL; attack compl...
CVE-2021-46531
Cesanta MJS v2.20.0 is affected by a SEGV vulnerability triggered at /usr/local/bin/mjs+0x8d28e, leading to Denial of Service. Available connected sources (NVD, CNVD, OSV/CVE records) describe the issue as a DoS but do not provide explicit remediation details or fix/version. Exploitation details ...
CVE-2021-46546
Cesanta MJS v2.20.0 contains a SEGV vulnerability via mjs_next in src/mjs_object.c that can lead to a Denial of Service. Connected sources confirm the DoS impact but do not provide specific fixes or patch versions. No exploit details are given in the provided documents.
CVE-2021-46554
CVE-2021-46554 affects Cesanta MJS v2.20.0. A vulnerability in the function mjs_json_stringify (src/mjs_json.c) can trigger a Segmentation fault leading to a Denial of Service (DoS) . The connected documents consistently describe the same issue; no public details beyond this have been provided (n...
CVE-2021-33437
CVE-2021-33437 affects the mjs (mJS) embedded JavaScript engine. All connected sources describe memory leaks in the frozen_cb() function of mjs.c. The issue is tied to the ES6 engine and has been documented across multiple feeds (Red Hat, NVD, OSV, CVE lists). One PT Security entry notes that aff...
CVE-2021-46522
Cesanta MJS is affected by a heap buffer overflow in version v2.20.0. The overflow is reported to occur via the runtime environment path /usr/lib/x86_64-linux-gnu/libasan.so.4+0xaff53. The vulnerability is described with a CVSSv3.1 base score of 7.8 (HIGH), with LOCAL attack vector, no privileges...
CVE-2021-46534
Cesanta MJS v2.20.0 contains a SEGV vulnerability exploitable via getprop_builtin_foreign in src/mjs_exec.c, which can lead to a Denial of Service. Affected product is Cesanta MJS (embedded JavaScript engine for C/C from Cesanta Ireland). The available documents confirm the vulnerability but do n...
CVE-2021-46553
Cesanta MJS v2.20.0 contains a SEGV vulnerability via mjs_set_internal at src/mjs_object.c, leading to Denial of Service. The issue is confirmed across multiple sources (NVD entry and Red Hat/OSV/CVE mirrors). Affected component is the embedded JavaScript engine (MJS) in Cesanta C/C++ projects; e...
CVE-2021-46556
CVE-2021-46556 (Cesanta MJS v2.20.0) : A SEGV vulnerability was identified in the mjs_bcode_insert_offset routine in src/mjs_bcode.c, enabling a Denial of Service. The issue affects Cesanta MJS 2.20.0 and is documented across multiple feeds (NVD/Red Hat/CNVD, etc.). The impact is partial availabi...
CVE-2021-33438
CVE-2021-33438 : An issue in the mjs (mJS: Restricted JavaScript engine) ES6 engine has a stack buffer overflow in the function json_parse_array() within mjs.c. The vulnerability is documented across multiple feeds (NVD/Red Hat/EUVD/OSV etc.). The vulnerability is described without public exploit...
CVE-2021-33443
The CVE-2021-33443 entry concerns Cesanta MJS (mJS), the restricted JavaScript engine. The exposed flaw is a stack buffer overflow in the function mjs_execute() within mjs.c. Multiple connected sources (NVD, Red Hat CVE page, OSV, CVE records) consistently describe this same issue across the mJS ...
CVE-2021-33447
CVE-2021-33447 affects Cesanta’s embedded JavaScript engine mJS (mJS) with a NULL pointer dereference in function mjs_print() of file mjs.c . Multiple connected sources (NVD, Red Hat CNS, OSV, CVE catalogs) confirm the issue, described as a NULL pointer dereference in mjs_print(). Impact details ...
CVE-2021-33448
The CVE-2021-33448 issue concerns Cesanta MJS (mJS: Restricted JavaScript engine), used in ES6 environments. Multiple connected sources (Red Hat, NVD, OSV, CVE listing) consistently describe a stack buffer overflow at address 0x7fffe9049390. The vulnerability is documented across several feeds, b...
CVE-2021-33449
CVE-2021-33449 affects the Cesanta mJS embedded JavaScript engine (mJS) — specifically the mjs_bcode_part_get_by_offset() function in mjs.c, where a NULL pointer dereference is reported. The entry notes a local attack vector with the vulnerability potentially causing an availability impact (crash...
CVE-2021-46513
CVE-2021-46513 affects Cesanta MJS v2.20.0, with a vulnerability in the mjs_string.c implementation (mjs_mk_string) that results in a global buffer overflow. The affected component is the embedded JavaScript engine (Cesanta MJS). Root cause specifics described in sources: a buffer overflow in the...
CVE-2021-46520
CVE-2021-46520 involves Cesanta MJS v2.20.0, which has a heap buffer overflow in the function mjs_jprintf located in src/mjs_util.c . The connected sources confirm the vulnerable component and location but do not provide further exploit details or remediation. The impact is described as a heap ov...
CVE-2021-46540
Cesanta MJS v2.20.0 is affected by a SEGV vulnerability in mjs_get_mjs (src/mjs_builtin.c) that can cause a Denial of Service. This vulnerability is documented across multiple sources (CVE-2021-46540 and related records) and is described as a local-severity issue with potential for DoS exploitati...
CVE-2021-46542
Cesanta MJS v2.20.0 contains a SEGV vulnerability exploitable via mjs_print in src/mjs_builtin.c, causing Denial of Service. Public sources in provided documents confirm the defect and impact but do not specify an available patch version or mitigation. Details across connected records consistentl...
CVE-2021-33441
The CVE-2021-33441 issue affects Cesanta mJS (mjs.c) in the mJS restricted JavaScript engine. A NULL pointer dereference in exec_expr() is reported, leading to potential crashes (availability impact). The connected records confirm the vulnerability across multiple sources (NVD/Red Hat/Open Source...
CVE-2021-46509
Cesanta MJS 2.20.0 contains a stack overflow in the snquote function (mjs/src/mjs_json.c). PT-2022-12754 documents this issue and notes a temporary workaround: restrict access to the snquote function until a patch is available; no patched version is identified in the provided documents.
CVE-2021-46519
CVE-2021-46519 affects Cesanta MJS v2.20.0 and is caused by a heap buffer overflow in mjs_array_length (src/mjs_array.c). The connected documents confirm the vulnerable component is Cesanta MJS, describe a heap overflow, and do not provide explicit exploitation details, affected versions beyond v...
CVE-2021-46525
Cesanta MJS v2.20.0 contains a heap-use-after-free vulnerability in mjs_apply() (src/mjs_exec.c). Reported across multiple sources (e.g., NVD CVE-2021-46525) with a CVSS v3.1 base score of 7.8 (HIGH) and local/requirement-based exposure. The issue stems from incorrect heap memory handling in the ...
CVE-2021-46548
CVE-2021-46548 concerns Cesanta MJS v2.20.0, which contains a SEGV vulnerability triggered by add_lineno_map_item in src/mjs_bcode.c, leading to a Denial of Service. Affected: Cesanta MJS (embedded JavaScript engine for C/C) with DoS risk; exploitation or remediation details are not provided in t...
CVE-2021-33440
CVE-2021-33440 affects Cesanta MJS (mJS: Restricted JavaScript engine). The issue is a NULL pointer dereference in the function mjs_bcode_commit() within mjs.c , as described across multiple connected records. The vulnerability is documented consistently across NVD and vendor-related feeds, with ...