CVE-2020-13991

CVE-2020-13991 affects JerryScript 2.2.0, specifically the vm/opcodes.c implementation. The provided sources state that an attacker can hijack the flow of control by manipulating a register within this module. This vulnerability is tied to the release of JerryScript 2.2.0 and is documented across...

JerryScript buffer overflow vulnerability (CNVD-2020-49700)

JerryScript is a lightweight JavaScript engine JerryScript project . A buffer overflow vulnerability exists in JerryScript 2.3.0 and prior versions. The vulnerability stems from a networked system or product that performs operations in memory without properly validating data boundaries, resulting...

JerryScript ecma_is_lexical_environment buffer overflow vulnerability

JerryScript is a lightweight JavaScript engine from the JerryScript project. jerryScript ecmaislexicalenvironment has a buffer overflow vulnerability that can be exploited by attackers to submit special requests that can crash an application or execute arbitrary code...

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

CVE-2020-24344

JerryScript through 2.3.0 has a functiona=argumentsconst arguments buffer over-read...

CVE-2020-24344

JerryScript through 2.3.0 has a functiona=argumentsconst arguments buffer over-read...

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

Design/Logic Flaw

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

UBUNTU-CVE-2020-24344

JerryScript through 2.3.0 has a functiona=argumentsconst arguments buffer over-read...

UBUNTU-CVE-2020-24345

DISPUTED JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

CVE-2020-24344

JerryScript through 2.3.0 has a functiona=argumentsconst arguments buffer over-read...

Buffer overflow

JerryScript through 2.3.0 has a functiona=argumentsconst arguments buffer over-read...

CVE-2020-24344

JerryScript through 2.3.0 has a functiona=argumentsconst arguments buffer over-read...

CVE-2020-24344

JerryScript up to version 2.3.0 is affected by a buffer over-read in a function using a default parameter (function({a=arguments}){const arguments}). The issue is described across multiple sources as a buffer over-read in JerryScript 2.3.0 and earlier. The provided documents do not specify the ex...

CVE-2020-24344

Removed by vendor...

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function anew new Proxya,JSON.parse"",a. NOTE: the vendor states that the problem is the lack of the --stack-limit option...

CVE-2020-24345

CVE-2020-24345 affects JerryScript prior to 2.3.0. The issue allows stack consumption via the pattern: a(){new new Proxy(a,{})}JSON.parse("[]",a), with the vendor stating the root cause is the lack of the --stack-limit option. Impact is primarily stack depletion potentially causing a crash; no ex...

PT-2020-15696 · Jerryscript · Jerryscript

Name of the Vulnerable Software and Affected Versions: JerryScript versions prior to 2.3.0 Description: The issue is related to stack consumption via a function that utilizes new new Proxya, and JSON.parse"",a. The vendor notes that the problem stems from the lack of the --stack-limit option...

JerryScript suffers from a denial of service vulnerability (CNVD-2020-51545)

JerryScript is a lightweight JavaScript engine JerryScript project . A denial of service vulnerability exists in JerryScript, which can be exploited by an attacker to cause a program crash...