CVE-2019-16366

2019-09-1617:15:14

Google

osv.dev

7.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.4%

JSON

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.

CPENameOperatorVersion
moddableeq8.4.1
moddableeq8.6.0
moddableeq8.8.0
moddableeq9.0.1
moddableeq8.3.0
moddableeq8.4.0
moddableeq9.0.3
moddableeq8.6.2
moddableeq9.0.0
moddableeq8.6.1

Name	Operator	Version
moddable	eq	8.4.1
moddable	eq	8.6.0
moddable	eq	8.8.0
moddable	eq	9.0.1
moddable	eq	8.3.0
moddable	eq	8.4.0
moddable	eq	9.0.3
moddable	eq	8.6.2
moddable	eq	9.0.0
moddable	eq	8.6.1