In this post, we discuss the details of CVE-2024-35384, a recently reported vulnerability affecting Cesanta mjs 2.20., an embedded JavaScript engine for C/C++ applications. The vulnerability allows a remote attacker to trigger a denial of service (DoS) by exploiting a weakness in the mjs_array_length function in the mjs.c file.

Description

Cesanta mjs 2.20. (https://github.com/cesanta/mjs) is an embedded JavaScript engine designed for devices with limited resources. CVE-2024-35384 resides in the mjs_array_length function, which computes the length of an array. Because of a flaw in its implementation, an attacker can drive this function into a state that causes a denial of service.

The issue can be traced to the following code snippet from mjs.c:

MJS_PRIVATE int mjs_array_length(struct mjs *mjs) {
  mjs_val_t ret = 0;  /* result value, initialised to 0 before formatting */
  mjs_fmt_llx(mjs->vals[-2], (unsigned long long) &ret);
  return (int) mjs_strlen(ret);  /* no bound check on the computed length */
}

By sending a carefully crafted payload to the application, an attacker can cause the mjs_array_length function to enter an infinite loop, which ultimately leads to a crash. The issue was reported to and confirmed by Cesanta's security team.

Exploit Details

To exploit this vulnerability, an attacker needs a specific payload that triggers the denial of service. The following sample snippet shows how such a payload can be shaped:

let maybe_dos = new Array(1,2,3,4,5);
maybe_dos.length = 0xFFFFFFFF;   // 2^32 - 1, the largest array length ECMAScript permits
console.log(maybe_dos.length);

Using this payload, an attacker can make the affected Cesanta mjs 2.20. engine consume excessive resources, which eventually results in a denial-of-service condition.
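As an added, constructed example (not code from mjs, its patch, or this post), the kind of validation an embedded engine's length setter should perform before it allocates or iterates, so that a request like the one above is rejected up front instead of driving the engine into unbounded work. The names toy_array, toy_array_set_length and TOY_ARRAY_MAX_LEN are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable array of 64-bit values standing in for an engine's array object. */
typedef struct {
    uint64_t *items;
    size_t len;
} toy_array;

/* Largest length the engine is willing to back with memory. Constructed limit for this
 * example; a real engine would derive it from its heap budget. */
#define TOY_ARRAY_MAX_LEN ((size_t)1 << 20)

/* Apply a script's `arr.length = n` request. Returns 0 on success, -1 when rejected.
 * Every check runs before any allocation or loop, so a value such as 0xFFFFFFFF
 * (2^32 - 1) is refused without touching memory. */
int toy_array_set_length(toy_array *a, double requested) {
    /* Reject NaN (fails requested >= 0), negatives, infinity and over-budget lengths
     * before converting to an integer, since casting an out-of-range double is undefined. */
    if (!(requested >= 0) || requested > (double)TOY_ARRAY_MAX_LEN) return -1;
    uint64_t n = (uint64_t)requested;
    if ((double)n != requested) return -1;              /* JavaScript lengths are integers */
    if (n > SIZE_MAX / sizeof(uint64_t)) return -1;     /* byte size must not overflow */
    if (n <= a->len) {                                  /* shrinking: truncate in place */
        a->len = (size_t)n;
        return 0;
    }
    uint64_t *grown = realloc(a->items, (size_t)n * sizeof(uint64_t));
    if (grown == NULL) return -1;                       /* allocation failure is an error, not a crash */
    memset(grown + a->len, 0, ((size_t)n - a->len) * sizeof(uint64_t)); /* new slots start as 0 */
    a->items = grown;
    a->len = (size_t)n;
    return 0;
}

void toy_array_free(toy_array *a) {
    free(a->items);
    a->items = NULL;
    a->len = 0;
}
```

The rejected cases return an error the interpreter can surface as a script exception, which keeps the host process alive.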

Impact

Successful exploitation of this vulnerability can lead to a complete denial of service of any system or application that uses the affected Cesanta mjs 2.20. release. The attacker can render the application or system unusable for its users or stop it from functioning altogether.

Mitigation

Cesanta has issued a patch for this vulnerability. Users are strongly advised to update their Cesanta mjs installation to version 2.20.1, following the steps in the official documentation:

https://github.com/cesanta/mjs/blob/master/README.md

Conclusion

CVE-2024-35384 is a serious vulnerability in Cesanta mjs 2.20. that opens the door to denial-of-service attacks through the mjs_array_length function. To avoid exploitation, users should promptly update affected installations to the latest version recommended by the developers. Keep up with security patches and make sure your applications are protected against such threats.

Timeline

Published on: 05/21/2024 14:15:12 UTC
Last modified on: 08/01/2024 13:52:39 UTC