Ex0Dus-0X

#25887 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2021-19559
9.8
2021-04-29
Cesanta · Mongooseos Mjs · CVE-2021-31875
Name of the Vulnerable Software and Affected Versions: Cesanta MongooseOS mJS version 1.26

Description: A maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in `mjs_json_parse()`, potentially leading to redirection of control flow. The original reporter disputes the significance of this finding, stating that there is little opportunity to exploit this reliably for an information leak, and thus, no real security impact.

Recommendations: For version 1.26, at the moment, there is no information about a newer version that contains a fix for this issue.