CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-31875

In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 67.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://github.com/418sec/mjs/pull/2
https://github.com/cesanta/mjs/releases/tag/1.26
https://huntr.dev/bounties/1-other-mjs/
https://github.com/418sec/mjs/pull/2
https://github.com/cesanta/mjs/releases/tag/1.26
https://huntr.dev/bounties/1-other-mjs/

Products affected by CVE-2021-31875

Cesanta » Mongooseos Mjs » Version: 1.26

cpe:2.3:a:cesanta:mongooseos_mjs:1.26

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-31875

Products

Pricing

Contact Us