CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
73.2%
JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by:
Buffer Overflow. The impact is: denial of service and possibly arbitrary
code execution. The component is: function lit_char_to_utf8_bytes
(jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing
crafted javascript code. The fixed version is: after commit
505dace719aebb3308a3af223cfaa985159efae0.
Author | Note |
---|---|
sbeattie | iotjs contains an embedded code copy of jerryscript |
github.com/jerryscript-project/jerryscript/commit/505dace719aebb3308a3af223cfaa985159efae0
github.com/jerryscript-project/jerryscript/issues/2476
launchpad.net/bugs/cve/CVE-2019-1010176
nvd.nist.gov/vuln/detail/CVE-2019-1010176
security-tracker.debian.org/tracker/CVE-2019-1010176
www.cve.org/CVERecord?id=CVE-2019-1010176
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
73.2%