Lucene search

Ubuntu.comUB:CVE-2023-38961

HistoryAug 21, 2023 - 12:00 a.m.

CVE-2023-38961

2023-08-2100:00:00

ubuntu.com

cve-2023-38961

remote code execution

jerryscript project

unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.3%

JSON

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0
allows a remote attacker to execute arbitrary code via the
scanner_is_context_needed component in js-scanner-until.c.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchiotjs< anyUNKNOWN
ubuntu22.04noarchiotjs< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	iotjs	< any	UNKNOWN
ubuntu	22.04	noarch	iotjs	< any	UNKNOWN

References

github.com/jerryscript-project/jerryscript/issues/5092

launchpad.net/bugs/cve/CVE-2023-38961

nvd.nist.gov/vuln/detail/CVE-2023-38961

security-tracker.debian.org/tracker/CVE-2023-38961

www.cve.org/CVERecord?id=CVE-2023-38961

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

75.3%

JSON

Related for UB:CVE-2023-38961