Jerryscript » Jerryscript : Security Vulnerabilities, CVEs, (Memory corruption)
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-05-10
Updated
2023-05-17
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-05-10
Updated
2023-05-17
Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-05-10
Updated
2023-05-16
Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c.
Max CVSS
7.8
EPSS Score
0.05%
Published
2023-05-10
Updated
2023-05-16
Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-04-24
Updated
2023-05-04
Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-04-24
Updated
2023-05-04
Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-07-13
Updated
2022-07-20
Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-01-21
Updated
2022-01-26
Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-01-21
Updated
2022-01-26
Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-01-21
Updated
2022-01-26
Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-01-20
Updated
2022-01-26
An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file.
Max CVSS
7.5
EPSS Score
0.07%
Published
2022-01-14
Updated
2022-01-21
Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.
Max CVSS
7.8
EPSS Score
0.10%
Published
2022-01-25
Updated
2022-01-27
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-04-07
Updated
2022-04-14
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-04-05
Updated
2022-04-14
There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-06-20
Updated
2022-06-28
There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-06-20
Updated
2022-06-28
An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file.
Max CVSS
6.5
EPSS Score
0.08%
Published
2021-06-10
Updated
2021-06-16
An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.
Max CVSS
8.8
EPSS Score
0.20%
Published
2021-06-10
Updated
2021-06-16
An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file.
Max CVSS
6.5
EPSS Score
0.08%
Published
2021-06-10
Updated
2021-06-16
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option
Max CVSS
7.8
EPSS Score
0.09%
Published
2020-08-13
Updated
2024-03-21
An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-08-11
Updated
2023-08-16
There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.
Max CVSS
9.8
EPSS Score
0.26%
Published
2021-06-10
Updated
2021-06-16
There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.
Max CVSS
9.8
EPSS Score
0.26%
Published
2021-06-10
Updated
2021-06-16
There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.
Max CVSS
9.8
EPSS Score
0.26%
Published
2021-06-10
Updated
2021-06-16