Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-36109 PoC — JerryScript 安全漏洞

Source
https://github.com/Limesss/CVE-2023-36109
Associated Vulnerability
Title:JerryScript 安全漏洞 (CVE-2023-36109)
Description:Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.
Description
a poc for cve-2023-36109
Readme
# CVE-2023-36109
a poc for cve-2023-36109 
## request repo
```
git clone https://github.com/jerryscript-project/jerryscript.git
cd jerryscript
```

## build 
```
python ./tools/build.py --clean --debug --compile-flag=-m32 --compile-flag=-fno-omit-frame-pointer --compile-flag=-fno-common --compile-flag=-fsanitize=address --compile-flag=-g --strip=off --lto=off --error-messages=on --system-allocator=on --logging=on --line-info=on --stack-limit=20
```

## main reson 

buffer overflow at ecma_stringbuilder_append_raw in jerry-core/ecma/base/ecma-helpers-string.c:2609
File Snapshot

 [4.0K]  /data/pocs/6990fd35674b67c9c1fe4e29c98c5b080e197a8c
├── [ 111]  poc.js
└── [ 570]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →