CVE-2017-18212

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...

UBUNTU-CVE-2017-18212

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...

Heap overflow

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...

CVE-2017-18212

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...

CVE-2017-18212

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the litreadcodeunitfromhex function in lit/lit-char-helpers.c via a RegExp"\x0"; payload...

CVE-2017-18212

CVE-2017-18212 affects JerryScript 1.0 and involves a heap-based buffer over-read in the function lit_read_code_unit_from_hex (file: lit/lit-char-helpers.c) triggered via the payload pattern RegExp("[\x0"). The issue is documented across multiple sources and is rated high/critical (NVD CVSS v3 ba...

JerryScript Denial of Service Vulnerability (CNVD-2017-34839)

JerryScript is a lightweight JavaScript engine . A security vulnerability exists in JerryScript version 1.0. A remote attacker can exploit this vulnerability with a specially crafted .js file to cause a denial of service jmemheapallocblockinternal heap memory corruption or possibly execute...

UBUNTU-CVE-2017-14749

JerryScript 1.0 allows remote attackers to cause a denial of service jmemheapallocblockinternal heap memory corruption or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data...

CVE-2017-14749

JerryScript 1.0 allows remote attackers to cause a denial of service jmemheapallocblockinternal heap memory corruption or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data...

CVE-2017-14749

JerryScript 1.0 allows remote attackers to cause a denial of service jmemheapallocblockinternal heap memory corruption or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data...

CVE-2017-14749

JerryScript 1.0 allows remote attackers to cause a denial of service jmemheapallocblockinternal heap memory corruption or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data...

CVE-2017-14749

CVE-2017-14749 affects JerryScript 1.0. A crafted JavaScript file can trigger a denial of service through jmem_heap_alloc_block_internal heap memory corruption, and possibly allow arbitrary code execution. Root cause is unrecognized backslash characters causing incorrect 0x00 bytes in bytecode.li...

CVE-2017-14749

Removed by vendor...

JerryScript Denial of Service Vulnerability

JerryScript is a lightweight JavaScript engine . A security vulnerability exists in the 'lexerprocesscharliteral' function in the jerry-core/parser/js/js-lexer.c file in JerryScript version 1.0, which stems from the failure of a program to properly allocate memory. An attacker can exploit this...

CVE-2017-9250

The lexerprocesscharliteral function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via malformed JavaScript source code, related to...

CVE-2017-9250

The lexerprocesscharliteral function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via malformed JavaScript source code, related to...