Lucene search

K
JerryscriptJerryscript

97 matches found

CVE
CVE
added 2021/06/10 11:15 p.m.161 views

CVE-2020-23310

There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.

7.5CVSS7.5AI score0.00274EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.158 views

CVE-2020-23320

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0.

7.5CVSS7.5AI score0.00303EPSS
CVE
CVE
added 2023/05/10 3:15 p.m.139 views

CVE-2023-31906

Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c.

7.8CVSS7.6AI score0.00099EPSS
CVE
CVE
added 2023/05/10 3:15 p.m.133 views

CVE-2023-31907

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.

7.8CVSS7.6AI score0.0007EPSS
CVE
CVE
added 2022/01/21 12:15 a.m.127 views

CVE-2022-22891

Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.

5.5CVSS5.5AI score0.00138EPSS
CVE
CVE
added 2022/01/21 12:15 a.m.126 views

CVE-2022-22893

Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.

7.8CVSS7.8AI score0.00178EPSS
CVE
CVE
added 2023/05/10 3:15 p.m.125 views

CVE-2023-31910

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2023/05/12 2:15 p.m.123 views

CVE-2023-31919

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.

5.5CVSS5.5AI score0.00077EPSS
CVE
CVE
added 2023/06/14 4:15 p.m.122 views

CVE-2023-34867

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.

7.5CVSS7.5AI score0.0009EPSS
CVE
CVE
added 2023/07/07 4:15 p.m.121 views

CVE-2023-36201

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.

7.5CVSS7.1AI score0.00086EPSS
CVE
CVE
added 2020/05/27 12:15 a.m.116 views

CVE-2020-13622

JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.

7.5CVSS7.3AI score0.00328EPSS
CVE
CVE
added 2020/05/28 3:15 p.m.111 views

CVE-2020-13649

parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.

7.5CVSS7.5AI score0.00401EPSS
CVE
CVE
added 2020/05/27 12:15 a.m.108 views

CVE-2020-13623

JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.

7.5CVSS7.3AI score0.00328EPSS
CVE
CVE
added 2022/01/21 12:15 a.m.108 views

CVE-2022-22894

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.

7.8CVSS7.8AI score0.00178EPSS
CVE
CVE
added 2022/01/21 12:15 a.m.96 views

CVE-2022-22892

There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core...

5.5CVSS5.5AI score0.00138EPSS
CVE
CVE
added 2023/08/21 5:15 p.m.96 views

CVE-2023-38961

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.

9.8CVSS9.6AI score0.05943EPSS
CVE
CVE
added 2022/01/20 11:15 p.m.82 views

CVE-2022-22888

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.

7.8CVSS7.8AI score0.00195EPSS
CVE
CVE
added 2022/02/17 3:15 a.m.81 views

CVE-2022-22901

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.

5.5CVSS5.5AI score0.00232EPSS
CVE
CVE
added 2022/04/07 9:15 p.m.78 views

CVE-2021-43453

A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.

9.8CVSS8.8AI score0.00468EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.71 views

CVE-2021-26198

An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file.

6.5CVSS6.4AI score0.00257EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.66 views

CVE-2021-26197

An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file.

6.5CVSS6.4AI score0.00257EPSS
CVE
CVE
added 2022/04/05 4:15 p.m.66 views

CVE-2021-41752

Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.

9.8CVSS9.4AI score0.00365EPSS
CVE
CVE
added 2022/05/03 11:15 a.m.65 views

CVE-2021-41959

JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.

7.5CVSS7.5AI score0.00266EPSS
CVE
CVE
added 2020/09/24 11:15 p.m.64 views

CVE-2020-13991

vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.

7.5CVSS7.4AI score0.01107EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.64 views

CVE-2021-26194

An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file.

6.5CVSS6.4AI score0.00238EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.64 views

CVE-2021-26195

An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.

8.8CVSS8.6AI score0.00359EPSS
CVE
CVE
added 2022/07/13 9:15 p.m.64 views

CVE-2022-32117

Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c.

7.8CVSS7.8AI score0.00052EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.62 views

CVE-2021-26199

An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file.

6.5CVSS6.4AI score0.00257EPSS
CVE
CVE
added 2020/06/15 9:15 p.m.61 views

CVE-2020-14163

An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_...

7.5CVSS7.3AI score0.00399EPSS
CVE
CVE
added 2020/08/13 7:15 p.m.56 views

CVE-2020-24344

JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.

7.1CVSS7AI score0.00181EPSS
CVE
CVE
added 2022/04/05 4:15 p.m.56 views

CVE-2021-41751

Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.

9.8CVSS9.6AI score0.00414EPSS
CVE
CVE
added 2022/05/12 1:15 p.m.56 views

CVE-2021-42863

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.

9.8CVSS9.6AI score0.00471EPSS
CVE
CVE
added 2022/01/20 11:15 p.m.56 views

CVE-2022-22890

There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.

5.5CVSS5.5AI score0.0021EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.55 views

CVE-2020-23313

There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0

7.5CVSS7.5AI score0.00274EPSS
CVE
CVE
added 2022/06/20 2:15 p.m.52 views

CVE-2021-41682

There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0

7.8CVSS7.5AI score0.00175EPSS
CVE
CVE
added 2017/05/28 8:29 p.m.51 views

CVE-2017-9250

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related ...

7.5CVSS7.4AI score0.02382EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.51 views

CVE-2020-23312

There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.

7.5CVSS7.5AI score0.00303EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.51 views

CVE-2020-23314

There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0.

7.5CVSS7.5AI score0.00274EPSS
CVE
CVE
added 2020/08/13 7:15 p.m.51 views

CVE-2020-24345

JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option

7.8CVSS7.6AI score0.00168EPSS
CVE
CVE
added 2022/01/21 12:15 a.m.51 views

CVE-2022-22895

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.

7.8CVSS7.6AI score0.00168EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.50 views

CVE-2020-23309

There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0.

7.5CVSS7.5AI score0.00274EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.50 views

CVE-2020-23311

There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0.

7.5CVSS7.5AI score0.00274EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.50 views

CVE-2020-23319

There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0.

7.5CVSS7.5AI score0.00274EPSS
CVE
CVE
added 2022/06/20 2:15 p.m.50 views

CVE-2021-41683

There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0

7.8CVSS7.5AI score0.00185EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.49 views

CVE-2020-23306

There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.

9.8CVSS9.4AI score0.00377EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.49 views

CVE-2020-23321

There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.

9.8CVSS9.4AI score0.00356EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.49 views

CVE-2020-23322

There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0.

7.5CVSS7.5AI score0.00303EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.49 views

CVE-2020-23323

There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.

9.8CVSS9.4AI score0.00356EPSS
CVE
CVE
added 2021/06/10 11:15 p.m.48 views

CVE-2020-23303

There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.

9.8CVSS9.4AI score0.00356EPSS
CVE
CVE
added 2023/09/20 10:15 p.m.48 views

CVE-2023-36109

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.

9.8CVSS9.7AI score0.2036EPSS
Total number of security vulnerabilities97