SB2022121120 - Fedora 37 update for mujs

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022121120

SB2022121120 - Fedora 37 update for mujs

Published: December 11, 2022

Security Bulletin ID SB2022121120
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2022-44789)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing JavaScript files within the O_getOwnPropertyDescriptor() function. A remote attacker can pass a specially crafted JavaScript file to the application, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


2) NULL pointer dereference (CVE-ID: CVE-2022-30975)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the jsP_dumpsyntax() function in jsdump.c. A remote attacker can perform a denial of service (DoS) attack.


3) Uncontrolled Recursion (CVE-ID: CVE-2022-30974)

The vulnerability allows a remote attacker to perform a regular expression denial of service (DoS) attack.

The vulnerability exists due to unlimited recursion within the compile() function in regexp.cc. A remote attacker can pass a specially crafted string to the application and consume all available CPU resources on the system.

Remediation

Install update from vendor's website.

References