CVE-2021-42863

Опубликовано: 12 мая 2022

Источник: debian

Описание

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
iotjs	removed			package
iotjs	not-affected		buster	package

Примечания

https://github.com/jerryscript-project/jerryscript/issues/4793
https://github.com/jerryscript-project/jerryscript/pull/4794
https://github.com/jerryscript-project/jerryscript/commit/4e8d6344a8b5cf8f00bd3d5e869147af06d0189e

Связанные уязвимости

CVE-2021-42863

CVSS3: 9.8

ubuntu

больше 3 лет назад

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.

CVE-2021-42863

CVSS3: 9.8

nvd

больше 3 лет назад

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.

GHSA-8264-28h8-qcwg

CVSS3: 9.8

github

больше 3 лет назад

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.