Jerryscript : Security Vulnerabilities, CVEs, Published In 2017

CVE-2017-14749

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
Max CVSS
7.8
EPSS Score
0.12%
Published
2017-09-26
Updated
2017-10-06

CVE-2017-9250

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
Max CVSS
7.5
EPSS Score
0.45%
Published
2017-05-28
Updated
2020-10-28
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close