janet-lang janet: Local data leak through handleattr function

Summary

A security issue exists in janet up to version 1.40.1 that could allow an attacker on the same computer to access sensitive data they shouldn't. This issue can be fixed by updating to version 1.41.0. We recommend upgrading the affected component as soon as possible.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
janet-lang	janet	<= 1.40.1	–

Original title

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. Th...

Original description

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded.

nvd CVSS2.0 1.7

nvd CVSS3.1 5.5

nvd CVSS4.0 4.8

Vulnerability type

CWE-119 Buffer Overflow

CWE-125 Out-of-bounds Read

https://github.com/janet-lang/janet/ Product
https://github.com/janet-lang/janet/commit/2fabc80151a2b8834ee59cda8a70453f848b4... Patch
https://github.com/janet-lang/janet/issues/1699 Exploit Issue Tracking
https://github.com/janet-lang/janet/releases/tag/v1.41.0 Release Notes
https://github.com/oneafter/0123/blob/main/ja1/repro Exploit
https://vuldb.com/?ctiid.347106 Permissions Required VDB Entry
https://vuldb.com/?id.347106 Third Party Advisory VDB Entry
https://vuldb.com/?submit.754589 Third Party Advisory VDB Entry