Janet-lang Janet Heap-Based Buffer Overflow Vulnerability in the janetc_if Function
Vulnerability
A heap-buffer-overflow vulnerability has been identified in Janet-lang's Janet programming language, specifically in versions up to 1.40.1. The issue arises in the janetc_if function within the file src/core/specials.c. This vulnerability leads to an out-of-bounds read, where the program accesses memory beyond the allocated buffer, creating the potential for memory corruption or crashes. The vulnerability can be exploited locally, and a public exploit is available.
Impact
Triggering this vulnerability causes a heap-based buffer overflow, observed as a read violation of size 4 at the boundary of an allocated heap region. Memory-safety errors of this type can often be exploited to execute arbitrary code or to cause a denial-of-service condition by crashing the application.
Reproduction
The vulnerability can be reproduced by building Janet with release optimizations and AddressSanitizer (ASan) enabled. After compiling, the janet binary is run on a specific input file that triggers the buffer overflow. The resulting ASan report confirms the heap-buffer-overflow error in janetc_if, indicating that the vulnerable code path has been reached.
Remediation
Users are advised to update to the latest version of Janet, where this vulnerability has been fixed. The patch is available in the official GitHub repository.
