CVE-2024-43357

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/08/2024
Last modified:
19/08/2024

Description

ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 refactor of the specification text, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion or an invalid pointer dereference.

The internal async generator machinery calls the regular promise resolve functions on the IteratorResult (`{ done, value }`) objects it creates, assuming that those objects will not be then-ables. Unfortunately, these IteratorResult objects inherit from `Object.prototype`, so they can be made then-able by defining `then` on `Object.prototype`. The promise resolve function looks `then` up on the object as part of that call, so a getter there runs arbitrary user code synchronously inside the generator machinery, and a callable `then` decides what the consumer's `next()` promise resolves to. Either way, user code runs where the specification text assumed none would, including re-entering the async generator machinery in a way that violates some internal invariants.

The ECMAScript specification is a living standard and the issue has been addressed at the time of this advisory's public disclosure. JavaScript engine implementors should refer to the latest specification and update their implementations to comply with the `AsyncGenerator` section.

References

- https://github.com/tc39/ecma262/commit/1e24a286d0a327d08e1154926b3ee79820232727
- https://bugzilla.mozilla.org/show_bug.cgi?id=1901411
- https://github.com/boa-dev/boa/security/advisories/GHSA-f67q-wr6w-23jq
- https://bugs.webkit.org/show_bug.cgi?id=275407
- https://issues.chromium.org/issues/346692561
- https://www.cve.org/CVERecord?id=CVE-2024-7652
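To make the mechanism concrete, the following is an added example written for this page; it is not code from the advisory, from the TC39 specification or from any engine. It assumes Node.js or another engine that implements the current specification, and the names `counter`, `withThenGetter`, `isIterResult`, `reenter`, `hijack` and `demo` are chosen here. It installs a `then` getter on `Object.prototype` for the duration of each run, records the `{ value, done }` objects the engine resolves the `next()` promises with, and shows both consequences the description names: user code running synchronously inside the generator machinery (and calling `next()` again from there), and a callable `then` replacing the result the consumer receives. On an engine that follows the corrected specification this must not crash; the observable effects are that the re-entrant `next()` swallows the value 2 and that the hijacked consumer receives a forged object.

```javascript
'use strict';

// Added example, not from the advisory or from any engine: make the
// IteratorResult objects an async generator creates internally observable and
// abuse them in the two ways the advisory describes.

async function* counter() {
  yield 1;
  yield 2;
}

// Object.prototype is process-global, so runs that mutate it are serialized.
let serial = Promise.resolve();

// Installs `getter` as Object.prototype.then for the duration of fn(), then
// removes it again. Resolves to fn()'s result.
function withThenGetter(getter, fn) {
  const run = serial.then(async () => {
    Object.defineProperty(Object.prototype, 'then', {
      configurable: true, enumerable: false, get: getter,
    });
    try {
      return await fn();
    } finally {
      delete Object.prototype.then;
    }
  });
  serial = run.catch(() => {}); // keep the chain usable if a run rejects
  return run;
}

// True for the plain { value, done } objects CreateIterResultObject produces.
function isIterResult(obj) {
  if (obj === null || typeof obj !== 'object') return false;
  const keys = Object.keys(obj);
  return keys.length === 2 && keys[0] === 'value' && keys[1] === 'done';
}

// 1. Re-entrance. The promise resolve function does Get(result, "then")
// synchronously, while the generator machinery is still completing a step.
// Calling gen.next() from inside that lookup queues a request that consumes
// the value 2; its promise is dropped, so the outer consumer never sees it.
async function reenter() {
  const gen = counter();
  const trace = [];
  return withThenGetter(function () {
    if (!isIterResult(this)) return undefined;
    trace.push(`resolving {value: ${this.value}, done: ${this.done}}`);
    if (this.value === 1) {
      trace.push('re-entering gen.next() from inside the then lookup');
      gen.next(); // promise intentionally discarded
    }
    return undefined; // not callable, so the result is not a then-able here
  }, async () => {
    const first = await gen.next();
    const rest = [];
    for await (const v of gen) rest.push(v);
    return { first: first.value, rest, trace };
  });
}

// 2. Hijack. Returning a callable from the getter makes the internal result a
// then-able: the promise machinery calls it instead of fulfilling with the
// real result, and the consumer of gen.next() receives whatever it resolves.
async function hijack() {
  const gen = counter();
  let seen = 0;
  return withThenGetter(function () {
    if (!isIterResult(this)) return undefined;
    seen++;
    const real = this;
    return function (resolve) {
      // A null-prototype object cannot pick up the Object.prototype.then
      // getter, which keeps this resolution from looping on itself.
      const forged = Object.create(null);
      forged.value = `forged instead of ${real.value}`;
      forged.done = real.done;
      resolve(forged);
    };
  }, async () => {
    const first = await gen.next();
    return { value: first.value, done: first.done, seen };
  });
}

async function demo() {
  return { reenter: await reenter(), hijack: await hijack() };
}

if (typeof require !== 'undefined' && require.main === module) {
  demo().then((r) => console.log(JSON.stringify(r, null, 2)));
}
```

Run it with `node` to print both traces. The getter is visible to every promise resolution in the process while it is installed, which is why the helper serializes runs, ignores objects that do not look like an IteratorResult, and removes the property in a `finally`; the forged result is created with `Object.create(null)` because anything inheriting from `Object.prototype` would hit the getter again and loop. The same lookup is what lets a hostile page or dependency reach engine-internal state in an implementation that assumed these objects were inert.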