CVE-2018-11592

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.

Ссылки

https://github.com/espruino/Espruino/commit/8a44b04b584b3d3ab1cb68fed410f7ecb165e50e
Patch
Vendor Advisory
https://github.com/espruino/Espruino/files/2015630/test_0.txt
Exploit
Vendor Advisory
https://github.com/espruino/Espruino/issues/1421
Issue Tracking
Vendor Advisory
https://github.com/espruino/Espruino/commit/8a44b04b584b3d3ab1cb68fed410f7ecb165e50e
Patch
Vendor Advisory
https://github.com/espruino/Espruino/files/2015630/test_0.txt
Exploit
Vendor Advisory
https://github.com/espruino/Espruino/issues/1421
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:espruino:espruino:*:*:*:*:*:*:*:*

Версия до 1.98 (исключая)

EPSS

Процентиль: 37%

0.00155

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-w5f9-h8mf-57hw