CVE-2020-22886

7.5 HIGH

📋 TL;DR

A buffer overflow in the jsG_markobject function of the mujs JavaScript interpreter allows remote attackers to cause a denial of service. It affects mujs versions before 1.0.8 and can be triggered through specially crafted JavaScript input.

💻 Affected Systems

Products:
  • mujs
Versions: All versions before 1.0.8
Operating Systems: All platforms running mujs
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or system using the mujs JavaScript interpreter in its default configuration is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, though this would require additional exploitation techniques beyond the documented DoS.

🟠 Likely Case

Denial of service causing application crashes or instability in systems using mujs for JavaScript processing.

🟢 If Mitigated

Limited impact with proper input validation and sandboxing of JavaScript execution environments.

🌐 Internet-Facing: HIGH if mujs processes untrusted JavaScript input from external sources.
🏢 Internal Only: MEDIUM if mujs only processes trusted internal JavaScript content.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub issue #134. Exploitation requires ability to supply JavaScript input to mujs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.8 and later

Vendor Advisory: https://github.com/ccxvii/mujs/issues/134

Restart Required: Yes

Instructions:

1. Download mujs 1.0.8 or later from the official repository.
2. Replace the existing mujs installation with the patched version.
3. Restart any services or applications using mujs.

🔧 Temporary Workarounds

Input Validation

all

Implement strict input validation and sanitization for JavaScript content processed by mujs.

Sandbox Execution

all

Run mujs in isolated containers or sandboxed environments to limit impact of potential exploitation.

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems running vulnerable mujs versions.
  • Deploy application firewalls to filter and monitor JavaScript input to mujs.

🔍 How to Verify

Check if Vulnerable:

Check mujs version with 'mujs --version' or examine installed package version.

Check Version:

mujs --version

Verify Fix Applied:

Verify version is 1.0.8 or later and test with known exploit payloads.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Segmentation faults in mujs processes
  • Unusual memory usage patterns

Network Indicators:

  • Unusual JavaScript payloads sent to services using mujs

SIEM Query:

Process crashes with mujs in stack trace OR Application logs containing mujs segmentation faults
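
One way to turn the log indicators above into a check, added here as an example and not taken from the mujs project or the advisory: it parses Linux kernel segfault records from syslog and keeps those attributable to mujs. The sample lines, host names, the `render-worker` and `pdfjob` process names and the `embedders` parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Linux kernel segfault record as it appears in syslog:
#   <date> <host> kernel: [<uptime>] <comm>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <object>[<base>+<size>]
SEGFAULT_RE = re.compile(
    r"^\S+\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+kernel:.*?"
    r"(?P<comm>[^\s\[\]]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip [0-9a-f]+ sp [0-9a-f]+ error \d+(?: in (?P<obj>[^\s\[]+))?"
)

def mujs_crashes(lines, embedders=frozenset()):
    """Return {host: [(comm, pid, fault_addr), ...]} for segfaults attributable to mujs.

    A crash counts when the process or the faulting object is named *mujs*, or when
    the process is listed in `embedders` (hypothetical parameter: names of local
    programs that link mujs statically, where the kernel line never mentions mujs).
    """
    hits = defaultdict(list)
    for line in lines:
        m = SEGFAULT_RE.search(line)
        if not m:
            continue
        comm, obj = m["comm"], m["obj"] or ""
        if "mujs" in comm.lower() or "mujs" in obj.lower() or comm in embedders:
            hits[m["host"]].append((comm, int(m["pid"]), int(m["addr"], 16)))
    return dict(hits)

def repeated(hits, threshold=3):
    """Hosts with at least `threshold` matching crashes (restart loop or repeated bad input)."""
    return sorted(h for h, v in hits.items() if len(v) >= threshold)

# Constructed sample log lines (not real captures).
SAMPLE = [
    "Mar  3 10:15:02 web01 kernel: [12345.678901] mujs[4211]: segfault at 0 ip 000055d5c8a3b1f0 sp 00007ffd5e5c3a10 error 4 in mujs[55d5c8a20000+3f000]",
    "Mar  3 10:15:09 web01 kernel: [12352.100233] mujs[4230]: segfault at 10 ip 000055d5c8a3b1f0 sp 00007ffd5e5c3a10 error 4 in mujs[55d5c8a20000+3f000]",
    "Mar  3 10:15:17 web01 kernel: [12360.554120] mujs[4244]: segfault at 10 ip 000055d5c8a3b1f0 sp 00007ffd5e5c3a10 error 4 in mujs[55d5c8a20000+3f000]",
    "Mar  3 10:16:40 app02 kernel: [99881.000412] render-worker[977]: segfault at 7f10deadb000 ip 00007f10de4a1c22 sp 00007ffc1b2a9e40 error 6 in libmujs.so[7f10de490000+2c000]",
    "Mar  3 10:17:01 app02 kernel: [99902.310007] nginx[1203]: segfault at 8 ip 000055aa10203040 sp 00007ffc00002000 error 4 in nginx[55aa10200000+a0000]",
    "Mar  3 10:18:22 db03 kernel: [555.000001] pdfjob[310]: segfault at 18 ip 0000000000412abc sp 00007ffe00001000 error 4 in pdfjob[400000+9a000]",
    "Mar  3 10:19:00 web01 sshd[2211]: Accepted publickey for deploy from 192.0.2.10 port 50122 ssh2",
]

if __name__ == "__main__":
    found = mujs_crashes(SAMPLE, embedders={"pdfjob"})
    for host, crashes in found.items():
        print(host, crashes)
    print("repeated:", repeated(found))
```
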
