JerryScript: Security Vulnerabilities, CVEs, Published in 2017
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
Max CVSS: 7.8
EPSS Score: 0.12%
Published: 2017-09-26
Updated: 2017-10-06
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
Max CVSS: 7.5
EPSS Score: 0.45%
Published: 2017-05-28
Updated: 2020-10-28
2 vulnerabilities found