exploitDog

CVE-2018-1000668

Опубликовано: 06 сент. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71.

Ссылки

https://jsish.org/fossil/jsi/tktview?name=9602dbd997
Patch
Vendor Advisory
https://jsish.org/fossil/jsi/tktview?name=9602dbd997
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jsish:jsish:2.4.70_2.047:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00372

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-62rf-g5f7-frmw

CVSS3: 6.5

github

больше 3 лет назад

jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71.

EPSS

Процентиль: 58%

0.00372

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125