Last active: March 29, 2024 03:30
CVE-2024-29489
[CVE ID]
CVE-2024-29489
[PRODUCT]
JerryScript: JavaScript engine for the Internet of Things
[AFFECTED VERSION]
JerryScript 2.4.0 and earlier versions.
[PROBLEM TYPE]
SEGV or crash
[DESCRIPTION]
JerryScript 2.4.0 has a SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.
[TECHNICAL DETAILS]
JerryScript 2.4.0 has a SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.
AddressSanitizer:DEADLYSIGNAL
=================================================================
==4145220==ERROR: AddressSanitizer: SEGV on unknown address 0x000001632228 (pc 0x0000004fa98a bp 0x7ffd146d3570 sp 0x7ffd146d3450 T0)
==4145220==The signal is caused by a READ memory access.
#0 0x4fa98a in ecma_get_object_type /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/base/ecma-helpers.c:238:58
#1 0x530b2b in ecma_op_object_get_own_property_descriptor /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-objects.c:1806:7
#2 0x53742e in ecma_proxy_object_get /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-proxy-object.c:1185:25
#3 0x5bafa5 in ecma_builtin_string_prototype_object_match_all /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-string-prototype.c:384:32
#4 0x5bafa5 in ecma_builtin_string_prototype_dispatch_routine /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-string-prototype.c:1397:12
#5 0x50b96c in ecma_builtin_dispatch_routine /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1460:10
#6 0x50b96c in ecma_builtin_dispatch_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtins.c:1489:12
#7 0x525d04 in ecma_op_function_call_native_built_in /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1217:5
#8 0x52548f in ecma_op_function_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1411:16
#9 0x5832d5 in opfunc_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:758:5
#10 0x5832d5 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5217:9
#11 0x581e39 in vm_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5312:10
#12 0x52592a in ecma_op_function_call_simple /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176:28
#13 0x5254c5 in ecma_op_function_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406:16
#14 0x5832d5 in opfunc_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:758:5
#15 0x5832d5 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5217:9
#16 0x581e39 in vm_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5312:10
#17 0x52592a in ecma_op_function_call_simple /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176:28
#18 0x5254c5 in ecma_op_function_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406:16
#19 0x5832d5 in opfunc_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:758:5
#20 0x5832d5 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5217:9
#21 0x581e39 in vm_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5312:10
#22 0x52592a in ecma_op_function_call_simple /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176:28
#23 0x5254c5 in ecma_op_function_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406:16
#24 0x5373ba in ecma_proxy_object_get /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-proxy-object.c:1173:30
#25 0x58d2a9 in vm_loop /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:2959:20
#26 0x582c82 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5211:37
#27 0x581e39 in vm_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5312:10
#28 0x52592a in ecma_op_function_call_simple /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176:28
#29 0x5254c5 in ecma_op_function_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406:16
#30 0x5832d5 in opfunc_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:758:5
#31 0x5832d5 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5217:9
#32 0x581e39 in vm_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5312:10
#33 0x52592a in ecma_op_function_call_simple /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176:28
#34 0x5254c5 in ecma_op_function_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406:16
#35 0x5832d5 in opfunc_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:758:5
#36 0x5832d5 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5217:9
#37 0x581e39 in vm_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5312:10
#38 0x52592a in ecma_op_function_call_simple /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176:28
#39 0x5254c5 in ecma_op_function_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406:16
#40 0x5832d5 in opfunc_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:758:5
#41 0x5832d5 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5217:9
#42 0x581e39 in vm_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5312:10
#43 0x52592a in ecma_op_function_call_simple /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1176:28
#44 0x5254c5 in ecma_op_function_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-function-object.c:1406:16
#45 0x5832d5 in opfunc_call /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:758:5
#46 0x5832d5 in vm_execute /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5217:9
#47 0x581e39 in vm_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:5312:10
#48 0x581ba0 in vm_run_global /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/vm/vm.c:286:25
#49 0x4dae6a in jerry_run /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/api/jerryscript.c:548:24
#50 0x5f9127 in jerryx_source_exec_script /home/user/fuzz/jerryscript_origin/jerryscript/jerry-ext/util/sources.c:68:14
#51 0x4d6e94 in main /home/user/fuzz/jerryscript_origin/jerryscript/jerry-main/main-desktop.c:156:20
#52 0x7f1536429d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#53 0x7f1536429e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#54 0x41ee74 in _start (/home/user/fuzz/jerryscript_origin/jerryscript/build/bin/jerry+0x41ee74)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type
==4145220==ABORTING
[Reporter]
Gandalf4a of PKU-Changsha Institute for Computing and Digital Economy
[Solution]
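A triage helper added here as an illustration (it is not part of the advisory or of the JerryScript project): it parses an AddressSanitizer report like the one above into structured frames, recovers the crash site relative to the source tree, and derives a deduplication key from the first distinct in-stack functions, so that the many recursion depths of the vm_run / opfunc_call cycle in this report map to one key. The embedded report is a constructed excerpt of the frames shown above; the "/jerryscript/" tree root is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample: the innermost frames of the ASan report in this advisory.
ASAN_REPORT = """\
==4145220==ERROR: AddressSanitizer: SEGV on unknown address 0x000001632228 (pc 0x0000004fa98a bp 0x7ffd146d3570 sp 0x7ffd146d3450 T0)
==4145220==The signal is caused by a READ memory access.
    #0 0x4fa98a in ecma_get_object_type /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/base/ecma-helpers.c:238:58
    #1 0x530b2b in ecma_op_object_get_own_property_descriptor /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-objects.c:1806:7
    #2 0x53742e in ecma_proxy_object_get /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/operations/ecma-proxy-object.c:1185:25
    #3 0x5bafa5 in ecma_builtin_string_prototype_object_match_all /home/user/fuzz/jerryscript_origin/jerryscript/jerry-core/ecma/builtin-objects/ecma-builtin-string-prototype.c:384:32
"""

# "#N 0xADDR in func path:line[:col]" as printed by a symbolized ASan trace.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+?):(\d+)(?::\d+)?\s*$")
BUG_RE = re.compile(r"ERROR: AddressSanitizer: (\S+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")

@dataclass
class Frame:
    idx: int
    func: str
    path: str
    line: int

def parse_asan(report: str) -> dict:
    """Pull the bug type, access kind and symbolized frames out of an ASan report."""
    info = {"bug": None, "access": None, "frames": []}
    for raw in report.splitlines():
        if m := BUG_RE.search(raw):
            info["bug"] = m.group(1)
        elif m := ACCESS_RE.search(raw):
            info["access"] = m.group(1)
        elif m := FRAME_RE.match(raw):
            info["frames"].append(Frame(int(m[1]), m[2], m[3], int(m[4])))
    return info

def crash_site(frames: list, root: str = "/jerryscript/") -> str:
    """Innermost frame as a tree-relative file:line (assumed tree root '/jerryscript/')."""
    top = frames[0]
    return f"{top.path.split(root, 1)[-1]}:{top.line}"

def crash_signature(info: dict, depth: int = 3) -> str:
    """Dedup key: bug type plus the first `depth` distinct functions on the stack.
    Functions already seen are skipped, so a recursive cycle counts each function once."""
    funcs: list = []
    for fr in info["frames"]:
        if fr.func not in funcs:
            funcs.append(fr.func)
    return ":".join([info["bug"], *funcs[:depth]])
```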
Update JerryScript to the latest commit.
[References]
https://github.com/jerryscript-project/jerryscript
https://github.com/jerryscript-project/jerryscript/issues/5101
https://github.com/jerryscript-project/jerryscript/pull/5129
https://github.com/matetokodi/jerryscript/commit/14daa9006ce00eb3ac21805392094e1a5c23e03c
https://github.com/matetokodi/jerryscript/commit/cfd26a4e11e9eab88d03cc1ac5f01e0f8a5b91b8
https://github.com/jerryscript-project/jerryscript/commit/cefd391772529c8a9531d7b3c244d78d38be47c6
[Disclosure Timeline]
2023-10-4 - Issue reported to vendor
2024-3-7 - Vendor responded and confirmed the issue
2024-3-13 - Vendor fixed the issue
2024-3-27 - CVE Team RESERVED CVE-2024-29489 for this issue
2024-3-29 - Public Release