Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-5759Uncontrolled Recursion in Mujs

CWE-674Uncontrolled Recursion7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
3.8%
top 11.93%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Artifex Mujs
Timeline
PublishedJan 24
Latest updateMay 13

Description

jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDartifex/mujs1.0.2

Patches

Patch: www.exploit-db.comPatch: www.exploit-db.com

🔴Vulnerability Details

2
GHSA
GHSA-j2g9-xj29-72m9: jsparse2022-05-13
CVEList
CVE-2018-5759: jsparse2018-01-24

💥Exploits & PoCs

1
Exploit-DB
Artifex MuJS 1.0.2 - Integer Overflow2018-01-28

📋Vendor Advisories

1
Debian
CVE-2018-5759: mujs - jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth...2018

💬Community

2
Bugzilla
CVE-2018-5759 mujs: Improper management of AST depth in jsparse.c can allow a remote attacker to cause a denial of service via a crafted file2018-01-29
Bugzilla
CVE-2018-5759 mujs: Improper management of AST depth in jsparse.c can allow a remote attacker to cause a denial of service via a crafted file [fedora-all]2018-01-29
CVE-2018-5759 — Uncontrolled Recursion in Artifex Mujs | cvebase