1246 matches found
CVE-2021-46170
CVE-2021-46170 describes a Use-After-Free in JerryScript’s lexer_compare_identifier_to_string (js-lexer.c) from commit a6ab5e9. The vulnerability is reported across multiple feeds (NVD, OSV, CNVD, UBuntu OSV, Debian, etc.). Affected component is the JerryScript JavaScript engine; root cause is a ...
CVE-2021-46170
An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexercompareidentifiertostring in js-lexer.c file...
CVE-2021-46170
Removed by vendor...
JerryScript 资源管理错误漏洞
JerryScript is a lightweight JavaScript engine from the JerryScript Jerryscript project. a security vulnerability exists in JerryScript, which stems from an issue found in JerryScript commit a6ab5e9. Use-After-Free in the lexercompareidentifiertostring in the js-lexer.c file. No details of the...
The vulnerability of the `ecma_ref_ecma_string` function in the `ecma-helpers-string.c` component of the JavaScript engine for Internet of Things technology, JerryScript, and the IoT.js platform, relates to memory management after its release. This vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ecmarefecmastring function in the ecma-helpers-string.c component of the JavaScript framework for Internet of Things applications, JerryScript, and the IoT.js platform, is related to the use of memory after it is released. Exploiting this vulnerability could allow an...
The vulnerability of the `scanner_literal_is_created` function in the `js-scanner-util.c` component of the JavaScript IoT engine for JerryScript and the IoT.js platform is related to the insufficient use of the `assert()` function. This allows a malicious actor to trigger a service failure.
The vulnerability of the scannerliteraliscreated function in the js-scanner-util.c component of the JavaScript IoT scripting engine, JerryScript, and the IoT.js platform is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a remote attacker to cause...
The vulnerability in the `lexer_parse_number` function of the `js-lexer.c` component of the JavaScript engine for Internet of Things applications, JerryScript, and the IoT.js platform, related to buffer overflows, allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the lexerparsenumber function in the js-lexer.c component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, is related to buffer overflow attacks. Exploiting this vulnerability could allow an attacker to gain access to confidential dat...
The vulnerability in the `parser_parse_statements` function of the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a attacker to trigger a service failure.
The vulnerability of the parserparsestatements function in the js-parser-statm.c component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to incorrect comparisons. Exploiting this vulnerability could allow a remote attacker to cause a service...
The vulnerability of the ecma-bytecode-ref function in the ecma-helpers.c component of the JavaScript engine for IoT JerryScript and the IoT.js platform, related to memory usage after deallocation, allows a attacker to trigger a service failure.
The vulnerability of the ecmabytecoderef function in the ecma-helpers.c component of the JavaScript engine for IoT JerryScript and the IoT.js platform is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability in the `parser_parse_expression` function of the `js-parser-expr.c` component of the JavaScript engine for Internet of Things technology, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a malicious actor to trigger a service failure.
The vulnerability of the parserparseexpression function in the js-parser-expr.c component of the JavaScript engine for Internet of Things technology, JerryScript, and the IoT.js platform is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a malicio...
The vulnerability in the `parser_emit_cbc_backward_branch` function of the `js-parser-util.c` component of the JavaScript engine for Internet of Things JerryScript and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a attacker to trigger a service failure.
The vulnerability of the parseremitcbcbackwardbranch function in the js-parser-util.c component of the JavaScript engine for Internet of Things JerryScript and the IoT.js platform is related to the insufficient use of the assert function. Exploiting this vulnerability can allow a remote attacker ...
The vulnerability in the `parser_parse_function_arguments` function of the `js-parser.c` component of the JavaScript Internet of Things engine, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a malicious actor to cause a service failure.
The vulnerability of the parserparsefunctionarguments function in the js-parser.c component of the JavaScript Internet of Things engine, JerryScript, and the IoT.js platform is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a remote attacker to...
The vulnerability of the ecmaRegexpMatch function in the ecma-regexp-object.c component of the JavaScript for Internet of Things technology, JerryScript, and the IoT.js platform, related to writing beyond buffer boundaries, allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the ecmaRegexpMatch function in the ecma-regexp-object.c component of the JavaScript for Internet of Things technology, JerryScript, and the IoT.js platform, is related to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to gain access to...
The vulnerability in the `parser_parse_function_statement` function of the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a attacker to trigger a service failure.
The vulnerability of the parserparsefunctionstatement function in the js-parser-statm.c component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to incorrect comparisons. Exploiting this vulnerability could allow a remote attacker to cause a...
The vulnerability in the `parser_parse_source` function of the `js-parser.c` component of the JavaScript framework for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows a attacker to cause a service failure.
The vulnerability of the parserparsesource function in the js-parser.c component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a malicious actor to cau...
The vulnerability of the `re_parse_char_escape` function in the `re-parser.c` component of the JavaScript Internet of Things scripting engine JerryScript and the IoT.js platform, related to buffer overflow attacks, allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the reparsecharescape function in the re-parser.c component of the JavaScript Internet of Things scripting engine JerryScript and the IoT.js platform is related to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
The vulnerability of the `jmem_pools_collect_empty` function in the `jmem-poolman.c` component of the JavaScript Internet of Things engine JerryScript and the IoT.js platform, related to out-of-buffer writing, allows a malicious actor to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the jmempoolscollectempty function in the jmem-poolman.c component of the JavaScript Internet of Things engine, JerryScript, and the IoT.js platform is related to buffer overflow attacks. Exploiting this vulnerability could allow an attacker to gain access to sensitive data,...
The vulnerability in the `main_print_unhandled_exception` function of the `main-utils.c` component in the JavaScript Internet of Things scripting engine, JerryScript, and the IoT.js platform, arises due to insufficient checking of unusual or exceptional states. This allows a malicious actor to trigger a service failure.
The vulnerability in the mainprintunhandledexception function of the main-utils.c component in the JavaScript Internet of Things engine, JerryScript, and the IoT.js platform is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a remote...
The vulnerability of the `ecma_deref_bigint` function in the `ecma-helpers.c` component of the JavaScript engine for Internet of Things JerryScript and the IoT.js platform, related to the issue of performing operations outside of the buffer in memory, allows a malicious actor to cause a service failure.
The vulnerability of the ecmaderefbigint function in the ecma-helpers.c component of the JavaScript engine for Internet of Things JerryScript and the IoT.js platform is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to...
JerryScript Reuse After Release Vulnerability
JerryScript is a lightweight JavaScript engine . A post-release reuse vulnerability exists in ecmabytecoderef in ecma-helpers.c in JerryScript version 2.4.0. No detailed vulnerability details are provided at this time...