CVE-2023-50044

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 20, 2023
Updated: Dec 29, 2023
CWE ID 120

Summary

CVE-2023-50044 is a Critical vulnerability that affects Cesanta MJS version 2.20.0. The vulnerability allows attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information through a Buffer Overflow. This occurs when the input string includes the name of Built-in APIs, leading to an out-of-bounds read in the getprop_builtin_foreign function. The vulnerability has a base severity score of 9.8 according to NIST and poses a high risk to organizations as it can be exploited remotely over a network without requiring any privileges or user interaction. It has a high impact on confidentiality, integrity, and availability of affected systems. Remediating this vulnerability requires updating to a version of Cesanta MJS that is not affected by the issue (2.22.0 or later).

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-50044 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options