CVE-2023-50044

Name of the Vulnerable Software and Affected Versions Cesanta MJS versions 2.20.0 through 2.22.0

Description The issue is related to an out-of-bounds read in the getprop builtin foreign function when a Built-in API name occurs in a substring of an input string. This can lead to a buffer overflow, allowing attackers to execute arbitrary code, cause a denial of service, and obtain sensitive information. A segmentation fault can occur when the input string includes a name of Built-in APIs.

Recommendations For Cesanta MJS versions 2.20.0 through 2.22.0, consider disabling the getprop builtin foreign function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.