CVE-2021-31875: Buffer Overflow
First published: Thu Apr 29 2021(Updated: )
** DISPUTED ** In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjs_json_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cesanta MongooseOS mJS | =1.26 | |
| =1.26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-31875?
The severity of CVE-2021-31875 is disputed, but it involves a potential off-by-one heap-based buffer overflow.
How do I fix CVE-2021-31875?
To fix CVE-2021-31875, update Cesanta MongooseOS mJS to version 1.27 or later.
What software is affected by CVE-2021-31875?
CVE-2021-31875 affects Cesanta MongooseOS mJS version 1.26.
What type of vulnerability is CVE-2021-31875?
CVE-2021-31875 is classified as a buffer overflow vulnerability.
Can CVE-2021-31875 allow control flow redirection?
Yes, CVE-2021-31875 can potentially lead to redirection of control flow if exploited.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/status
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/tags
- agent/event
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- status/disputed
- vendor/cesanta
- canonical/cesanta mongooseos mjs
- version/cesanta mongooseos mjs/1.26