CVE-2023-36109 PoC — JerryScript 安全漏洞

Source

https://github.com/Limesss/CVE-2023-36109

Associated Vulnerability

Title:JerryScript 安全漏洞 (CVE-2023-36109)
Description:JerryScript是Jerryscript项目的一款轻量级的JavaScript引擎。 JerryScript 3.0 版本存在安全漏洞，该漏洞源于允许远程攻击者通过 /jerry-core/ecma/base/ecma-helpers-string.c 中的 ecma_stringbuilder_append_raw 组件执行任意代码。

Description

a poc for cve-2023-36109

Readme

# CVE-2023-36109
a poc for cve-2023-36109 
## request repo
```
git clone https://github.com/jerryscript-project/jerryscript.git
cd jerryscript
```

## build 
```
python ./tools/build.py --clean --debug --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --error-messages=on --system-allocator=on --logging=on --line-info=on --stack-limit=20
```

## main reson 

buffer overflow at ecma_stringbuilder_append_raw in jerry-core/ecma/base/ecma-helpers-string.c:2609

File Snapshot


 [4.0K]  /data/pocs/6990fd35674b67c9c1fe4e29c98c5b080e197a8c
├── [ 111]  poc.js
└── [ 570]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!