CVE-2018-11598

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 7.1

CVSS2: 5.8

EPSS Низкий

Описание

Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.

Ссылки

https://github.com/espruino/Espruino/commit/bf4416ab9129ee3afd56739ea4e3cd0da5484b6b
Patch
Vendor Advisory
https://github.com/espruino/Espruino/files/2025956/test_0.txt
Exploit
Vendor Advisory
https://github.com/espruino/Espruino/files/2025963/test_1.txt
Exploit
Vendor Advisory
https://github.com/espruino/Espruino/files/2025968/test_2.txt
Exploit
Vendor Advisory
https://github.com/espruino/Espruino/issues/1437
Issue Tracking
Vendor Advisory
https://github.com/espruino/Espruino/commit/bf4416ab9129ee3afd56739ea4e3cd0da5484b6b
Patch
Vendor Advisory
https://github.com/espruino/Espruino/files/2025956/test_0.txt
Exploit
Vendor Advisory
https://github.com/espruino/Espruino/files/2025963/test_1.txt
Exploit
Vendor Advisory
https://github.com/espruino/Espruino/files/2025968/test_2.txt
Exploit
Vendor Advisory
https://github.com/espruino/Espruino/issues/1437
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:espruino:espruino:*:*:*:*:*:*:*:*

Версия до 1.99 (исключая)

EPSS

Процентиль: 51%

0.0028

Низкий

7.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-g5hj-fh2h-5x5v