CVE-2021-46526

CVSS base score: 7.8 HIGH

📋 TL;DR

CVE-2021-46526 is a global buffer overflow (an out-of-bounds access on a global/static buffer, the class AddressSanitizer reports as "global-buffer-overflow") in the JSON handling of Cesanta MJS v2.20.0. It is reached with specially crafted JSON input and affects every application or firmware image that embeds the vulnerable engine and lets it parse attacker-influenced JSON. The demonstrated outcome is memory corruption and a crash; whether it can be escalated to code execution depends on what the host binary places next to the overflowed buffer.

💻 Affected Systems

Products:
  • Cesanta MJS
Versions: v2.20.0 specifically
Operating Systems: All platforms where MJS is deployed
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using MJS v2.20.0 with JSON parsing enabled is vulnerable by default.

📦 What is this software?

Cesanta mJS is a small, restricted JavaScript engine written in C and intended to be embedded in firmware for resource-constrained microcontrollers. It ships as an amalgamated mjs.c/mjs.h source pair that is compiled directly into the host application rather than linked as a shared library, so a fix means rebuilding and redeploying (or reflashing) every product that embeds it.

⚠️ Risk & Real-World Impact

🔴 Worst Case
Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case
Denial of service: the embedding process crashes or becomes unstable, disrupting the service or device function it provides.

🟢 If Mitigated
Application crash with limited impact, provided the engine runs under sandboxing, memory protections (ASLR, non-executable stack/heap where the platform supports them) and privilege separation.

🌐 Internet-Facing: HIGH - The vulnerability can be triggered via JSON input, which is commonly processed by internet-facing applications.
🏢 Internal Only: MEDIUM - Internal systems processing JSON data from untrusted sources remain vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub issue linked below contains the technical details and a proof-of-concept input that crashes the engine. A crash PoC demonstrates the memory corruption but is not itself a working exploit; turning a global buffer overflow into code execution requires knowledge of the host binary's memory layout, which differs per product. Treat the "weaponized" rating as an expectation for parser bugs of this class, not as confirmation of an exploit in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.20.1 or later

Vendor Advisory: none published; the public record is the upstream issue report at https://github.com/cesanta/mjs/issues/191

Restart Required: Yes

Instructions:

1. Update the vendored MJS sources (mjs.c/mjs.h) to version 2.20.1 or later.
2. Recompile every application or firmware image that embeds MJS; there is no shared library to swap.
3. Restart affected services, or reflash affected devices.
4. Verify the fix by feeding the proof-of-concept input from the GitHub issue to a test build compiled with AddressSanitizer (-fsanitize=address); the patched engine should reject or handle the input without a sanitizer report.

🔧 Temporary Workarounds

Disable JSON parsing (all platforms)
If scripts do not need the engine's JSON functionality, remove it from the build: recompile MJS with JSON support disabled where the build configuration allows it, and confirm the JSON builtins are no longer reachable from scripts.

Input validation and sanitization (all platforms)
Validate JSON in the host application before it reaches MJS: cap payload size and nesting depth, reject raw control bytes and bytes outside the JSON token set, and, where the host has a memory-safe JSON parser available, parse once with it and hand only well-formed input to the engine. Validation narrows the attack surface but is not a substitute for the patch, since the exact trigger condition is not documented in the issue.
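The following pre-filter shows what the "strict input validation" workaround above looks like in the host application, and also serves the "If You Can't Patch" advice below. It is an added example and not Cesanta code; the limits GATE_MAX_LEN and GATE_MAX_DEPTH are illustrative assumptions, and the function names are hypothetical. It bounds size, depth and byte classes in a single pass before the engine's own parser ever sees the bytes; it does not check the full JSON grammar.

```c
/* json_gate.c: structural pre-filter for JSON an embedding is about to hand
 * to MJS. Added example, not Cesanta code. GATE_MAX_LEN and GATE_MAX_DEPTH
 * are illustrative assumptions; tune them to what your scripts need.
 * Build: cc -std=c99 -Wall -o json_gate json_gate.c && ./json_gate */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define GATE_MAX_LEN   4096u  /* assumption: largest legitimate payload */
#define GATE_MAX_DEPTH 32u    /* assumption: deepest legitimate nesting */

enum gate_result {
    GATE_OK = 0,
    GATE_EMPTY,        /* zero-length input */
    GATE_TOO_LONG,     /* exceeds GATE_MAX_LEN */
    GATE_TOO_DEEP,     /* exceeds GATE_MAX_DEPTH */
    GATE_BAD_BYTE,     /* control byte, or a byte outside the JSON token set */
    GATE_UNBALANCED    /* bracket mismatch or unterminated string */
};

/* One pass over the bytes, tracking string state and a bracket stack.
 * Numbers, literals and key/value positions are left to the real parser. */
enum gate_result json_gate(const char *buf, size_t len)
{
    /* bytes allowed outside strings: digits, signs, exponent, punctuation,
     * and the letters of true/false/null */
    static const char token_bytes[] = "0123456789-+.eE,:truefalsn";
    char stack[GATE_MAX_DEPTH];
    size_t depth = 0, i;
    int in_string = 0, escaped = 0;

    if (len == 0) return GATE_EMPTY;
    if (len > GATE_MAX_LEN) return GATE_TOO_LONG;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)buf[i];

        if (in_string) {
            if (c < 0x20) return GATE_BAD_BYTE;  /* JSON forbids raw control bytes */
            if (escaped)   { escaped = 0; continue; }
            if (c == '\\') { escaped = 1; continue; }
            if (c == '"')  in_string = 0;
            continue;                             /* UTF-8 bytes >= 0x80 pass */
        }
        switch (c) {
        case '"':
            in_string = 1;
            break;
        case '[': case '{':
            if (depth == GATE_MAX_DEPTH) return GATE_TOO_DEEP;
            stack[depth++] = (char)c;
            break;
        case ']': case '}':
            if (depth == 0) return GATE_UNBALANCED;
            if (stack[depth - 1] != (c == ']' ? '[' : '{')) return GATE_UNBALANCED;
            depth--;
            break;
        case ' ': case '\t': case '\r': case '\n':
            break;
        default:
            /* strchr would match the terminator for c == 0, so test it first */
            if (c == 0 || strchr(token_bytes, (int)c) == NULL) return GATE_BAD_BYTE;
            break;
        }
    }
    if (in_string || depth != 0) return GATE_UNBALANCED;
    return GATE_OK;
}

/* Convenience wrapper for NUL-terminated inputs. */
enum gate_result json_gate_str(const char *s) { return json_gate(s, strlen(s)); }

/* Builds n '[' followed by n ']' and gates it, to show the depth and
 * length caps tripping on synthetic input. */
enum gate_result json_gate_nested(size_t n)
{
    char buf[2 * GATE_MAX_LEN + 2];
    size_t i;
    if (2 * n > sizeof buf) return GATE_TOO_LONG;  /* would exceed the cap anyway */
    for (i = 0; i < n; i++) { buf[i] = '['; buf[2 * n - 1 - i] = ']'; }
    return json_gate(buf, 2 * n);
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    static const char *const samples[] = {
        "{\"temp\": 21.5, \"tags\": [\"a\", \"b\\\"c\"], \"ok\": true}",  /* accepted */
        "{\"temp\": 21.5",            /* unterminated object */
        "[1, 2, 3}",                  /* mismatched brackets */
        "{\"k\": \"line\nbreak\"}",   /* raw control byte inside a string */
        "{\"k\": 1}; system()",       /* bytes outside the JSON token set */
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu -> %d\n", i, (int)json_gate_str(samples[i]));
    printf("nested 32 -> %d, nested 33 -> %d\n",
           (int)json_gate_nested(32), (int)json_gate_nested(33));
    return 0;
}
```

Call json_gate() on the raw bytes and only pass inputs that return GATE_OK to the engine; log the other results, since a burst of GATE_TOO_DEEP or GATE_BAD_BYTE rejections from one source is itself a detection signal. The gate cannot be claimed to block this specific CVE, because the issue does not document the exact trigger; it shrinks the input space the vulnerable parser sees.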

🧯 If You Can't Patch

  • Segment the network so that devices or services embedding MJS only receive JSON from sources you control.
  • At a WAF or reverse proxy in front of HTTP endpoints, enforce maximum body size and JSON nesting limits and require a JSON content type; generic "buffer overflow" signatures do not recognise this payload, so rely on structural limits rather than pattern matching.
  • Run the embedding process with the least privilege it needs and with memory protections enabled, so that a successful trigger is more likely to end in a crash than in code execution.

🔍 How to Verify

Check if Vulnerable:

Check whether the application or firmware embeds MJS v2.20.0. MJS is normally vendored as source (mjs.c/mjs.h) rather than pulled in as a package, so search the source tree and build scripts for those files and for the MJS_VERSION define, if present, rather than relying on a dependency manifest.

Check Version:

Inspect the vendored mjs.h for its version string and the build configuration or dependency files for the MJS version or git commit that was pinned.

Verify Fix Applied:

Confirm the vendored MJS version is 2.20.1 or later, then run the proof-of-concept input from the GitHub issue against a test build compiled with AddressSanitizer; the fixed build should produce no sanitizer report.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults (SIGSEGV/SIGBUS) or device watchdog resets and reboot loops on embedded targets
  • Memory corruption errors in logs, including AddressSanitizer "global-buffer-overflow" reports from instrumented builds
  • Unusual JSON parsing errors or script failures clustered around a single input source

Network Indicators:

  • Oversized or structurally abnormal JSON payloads (deep nesting, very long strings, non-JSON bytes) sent to endpoints that feed MJS
  • Repeated requests carrying JSON from one source, each followed by a service restart or connection reset

SIEM Query:

source="application_logs" AND "mjs" AND ("segmentation fault" OR "SIGSEGV" OR "buffer overflow" OR "AddressSanitizer")

Requiring "mjs" to co-occur with a crash term keeps the query from matching every segmentation fault in the estate; drop the "mjs" term only for hosts where the engine is the sole component that processes untrusted JSON.
