CVE-2021-31875
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-31875
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31875.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-31875
- Published
- 2021-04-29T02:15:08.043Z
- Modified
- 2025-11-20T11:45:52.109067Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In mjsjson.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSON string can trigger an off-by-one heap-based buffer overflow in mjsjson_parse, which can potentially lead to redirection of control flow. NOTE: the original reporter disputes the significance of this finding because "there isn’t very much of an opportunity to exploit this reliably for an information leak, so there isn’t any real security impact."
- Database specific
{ "isDisputed": true }- References
Affected packages
Git / github.com/cesanta/mjs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cesanta/mjs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.6
1.20
1.20.1
1.21
1.22
1.22.1
1.23
1.24
1.25
1.5
1.6
1.7
1.8
1.9
Other
ddd
Database specific
vanir_signatures
[
{
"target": {
"file": "common/cs_varint.c"
},
"digest": {
"line_hashes": [
"234456157171672009667012020005863685987",
"146345927612699616111074413700893716313",
"108905283697329949653992095110269968398",
"40928701320816293082107573540797344185",
"16737667361413382403951905663352361970",
"32490330477822729405061052842574627060",
"164173215868758275743162668968896081187",
"336220235712481336989938226589175284337",
"320868728181603703685665517682974328720",
"27893539343358266705685645107797522834"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/cesanta/mjs/commit/30aa0f84dbb274afdd95006ed18431e131654cac",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-31875-6caf7cb9"
},
{
"target": {
"function": "cs_varint_decode",
"file": "mjs.c"
},
"digest": {
"length": 389.0,
"function_hash": "291219462004385368167517558065082996591"
},
"signature_version": "v1",
"source": "https://github.com/cesanta/mjs/commit/30aa0f84dbb274afdd95006ed18431e131654cac",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-31875-7753ab29"
},
{
"target": {
"function": "cs_varint_decode",
"file": "common/cs_varint.c"
},
"digest": {
"length": 389.0,
"function_hash": "291219462004385368167517558065082996591"
},
"signature_version": "v1",
"source": "https://github.com/cesanta/mjs/commit/30aa0f84dbb274afdd95006ed18431e131654cac",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2021-31875-789e4ca9"
},
{
"target": {
"file": "mjs.c"
},
"digest": {
"line_hashes": [
"234456157171672009667012020005863685987",
"146345927612699616111074413700893716313",
"108905283697329949653992095110269968398",
"40928701320816293082107573540797344185",
"16737667361413382403951905663352361970",
"32490330477822729405061052842574627060",
"164173215868758275743162668968896081187",
"336220235712481336989938226589175284337",
"320868728181603703685665517682974328720",
"27893539343358266705685645107797522834"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/cesanta/mjs/commit/30aa0f84dbb274afdd95006ed18431e131654cac",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2021-31875-ebec0f7c"
}
]