Search
Total
30 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44988 | 1 Jerryscript | 1 Jerryscript | 2023-08-08 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. | |||||
| CVE-2022-32117 | 1 Jerryscript | 1 Jerryscript | 2022-07-20 | N/A | 7.8 HIGH |
| Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. | |||||
| CVE-2021-41683 | 1 Jerryscript | 1 Jerryscript | 2022-06-28 | 6.8 MEDIUM | 7.8 HIGH |
| There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0 | |||||
| CVE-2021-41682 | 1 Jerryscript | 1 Jerryscript | 2022-06-28 | 6.8 MEDIUM | 7.8 HIGH |
| There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0 | |||||
| CVE-2021-41959 | 1 Jerryscript | 1 Jerryscript | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. | |||||
| CVE-2022-22895 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c. | |||||
| CVE-2022-22894 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c. | |||||
| CVE-2022-22893 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c. | |||||
| CVE-2022-22888 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c. | |||||
| CVE-2021-46170 | 1 Jerryscript | 1 Jerryscript | 2022-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file. | |||||
| CVE-2020-13649 | 1 Jerryscript | 1 Jerryscript | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. | |||||
| CVE-2020-14163 | 1 Jerryscript | 1 Jerryscript | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c. | |||||
| CVE-2020-23312 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. | |||||
| CVE-2020-23313 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0 | |||||
| CVE-2020-23314 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. | |||||
| CVE-2020-23319 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. | |||||
| CVE-2020-23311 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0. | |||||
| CVE-2020-23322 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0. | |||||
| CVE-2021-26195 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file. | |||||
| CVE-2020-23310 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. | |||||
| CVE-2020-23309 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. | |||||
| CVE-2020-23308 | 1 Jerryscript | 1 Jerryscript | 2021-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. | |||||
| CVE-2020-23320 | 1 Jerryscript | 1 Jerryscript | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. | |||||
| CVE-2017-9250 | 1 Jerryscript | 1 Jerryscript | 2020-10-28 | 5.0 MEDIUM | 7.5 HIGH |
| The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function. | |||||
| CVE-2020-13991 | 1 Jerryscript | 1 Jerryscript | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. | |||||
| CVE-2020-24344 | 1 Jerryscript | 1 Jerryscript | 2020-08-19 | 5.8 MEDIUM | 7.1 HIGH |
| JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. | |||||
| CVE-2020-24345 | 1 Jerryscript | 1 Jerryscript | 2020-08-14 | 6.8 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option. | |||||
| CVE-2020-13622 | 1 Jerryscript | 1 Jerryscript | 2020-05-27 | 5.0 MEDIUM | 7.5 HIGH |
| JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. | |||||
| CVE-2020-13623 | 1 Jerryscript | 1 Jerryscript | 2020-05-27 | 5.0 MEDIUM | 7.5 HIGH |
| JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. | |||||
| CVE-2017-14749 | 1 Jerryscript | 1 Jerryscript | 2017-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. | |||||