Lucene search

Ubuntu.comUB:CVE-2020-24187

HistoryAug 11, 2023 - 12:00 a.m.

CVE-2020-24187

2023-08-1100:00:00

ubuntu.com

jerryscript

version 2.3.0

denial of service

null pointer dereference

unix

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.4%

JSON

An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0,
allows local attackers to cause a denial of service (DoS) (Null Pointer
Dereference).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchiotjs< anyUNKNOWN
ubuntu22.04noarchiotjs< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	iotjs	< any	UNKNOWN
ubuntu	22.04	noarch	iotjs	< any	UNKNOWN

References

github.com/Aurorainfinity/Poc/tree/master/jerryscript/NULL-dereference-ecma_get_lex_env_type

github.com/jerryscript-project/jerryscript/issues/4076

launchpad.net/bugs/cve/CVE-2020-24187

nvd.nist.gov/vuln/detail/CVE-2020-24187

security-tracker.debian.org/tracker/CVE-2020-24187

www.cve.org/CVERecord?id=CVE-2020-24187

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for UB:CVE-2020-24187