https://arzedlab.github.io/tags/cve-2021-38003/Recent content in CVE-2021-38003 on Arzedlab 🪵Hugoen-us© RavshanSat, 30 Mar 2024 00:00:00 +0000https://arzedlab.github.io/posts/cve-2021-38003-the-hole-leak-to-rce-ed84a7ccd2664916bb597042d3423439/Sat, 30 Mar 2024 00:00:00 +0000https://arzedlab.github.io/posts/cve-2021-38003-the-hole-leak-to-rce-ed84a7ccd2664916bb597042d3423439/<h1 id="cve-2021-38003--the-hole-leak-to-rce">CVE-2021-38003 | The Hole Leak to RCE</h1> <table> <thead> <tr> <th><strong>Type Of Vulnerability</strong></th> <th>The Hole Leak</th> </tr> </thead> <tbody> <tr> <td><strong>Security Severity</strong></td> <td><strong>High</strong></td> </tr> <tr> <td><strong>Effected Components</strong></td> <td><strong>Javascript, Turbofan</strong></td> </tr> <tr> <td><strong>Issue Source</strong></td> <td><a href="https://issues.chromium.org/issues/40057710">https://issues.chromium.org/issues/40057710</a></td> </tr> <tr> <td><strong>Writeup Source(s)</strong></td> <td>None</td> </tr> <tr> <td><strong>Tested Version</strong></td> <td>Google Chrome 95.0.4638.54 (Official Build) (x86_64)</td> </tr> <tr> <td><strong>Vulnerable commit</strong></td> <td>a4252db3228433fed5c2bdb0fdff9a6b7b638f3b</td> </tr> </tbody> </table> <h1 id="deep-dive-into-vulnerability">Deep Dive Into Vulnerability</h1> <p>[1] The vulnerability arises as V8 attempts to handle exceptions in <code>JSON.stringify()</code>. If a exception appears in the built-in function, <code>pending_exception_</code> is set by the <code>Isolate::set_pending_exception()</code> method. The calling code then moves to the V8 exception handling mechanism, where the <code>Isolate::pending_exception()</code> member is fetched from the active isolate and the currently active JavaScript exception handler is invoked using it.</p>