Описание
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:jerryscript:jerryscript:1.0:-:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02382
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-476
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
EPSS
Процентиль: 85%
0.02382
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-476