Ye0Nny

**Nome do software vulnerável e versões afetadas** Espruino versão 2v20 (commit fcc9ba4) **Descrição** Foi descoberta uma vulnerabilidade de tipo Stack Overflow no Espruino por meio da função `jspeFactorFunctionCall` em `src/jsparse.c`. **Recomendações** Para a versão 2v20 do Espruino (commit fcc9ba4), considere desativar a função `jspeFactorFunctionCall` como uma solução temporária até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Jsish versão 3.5.0 **Descrição** Foi descoberta uma vulnerabilidade do tipo “use-after-free” no Jsish por meio da função SplitChar em ./src/jsiUtils.c. **Recomendações** Para a versão 3.5.0 do Jsish, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Jsish versão 3.5.0 **Descrição** Foi descoberta uma vulnerabilidade de estouro de buffer de heap no Jsish. A vulnerabilidade está localizada em ./src/jsiUtils.c. **Recomendações** Para a versão 3.5.0 do Jsish, no momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Espruino versão 2v20 (commit fcc9ba4) **Descrição** O problema está relacionado a uma leitura fora dos limites (Out-of-bounds Read) por meio da função `jsvStringIteratorPrintfCallback` em `src/jsvar.c`. **Recomendações** Para a versão 2v20 do Espruino (commit fcc9ba4), considere restringir o acesso à função `jsvStringIteratorPrintfCallback` até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Jsish versão 3.5.0 **Descrição** Foi detectada uma vulnerabilidade de estouro de pilha no Jsish por meio do componente `IterGetKeysCallback`, localizado em `/jsish/src/jsiValue.c`. **Recomendações** Para o Jsish versão 3.5.0, considere desativar o componente `IterGetKeysCallback` como uma solução temporária até que um patch esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** jerryscript version 3.0.0 **Description** A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the `scanner is context needed` component in `js-scanner-until.c`. This enables the attacker to potentially gain control over the system. **Recommendations** For jerryscript version 3.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 05dbbd1) **Description** The issue is related to an Assertion Failure in the `parser parse for statement start` function at `jerry-core/parser/js/js-parser-statm.c`. This failure can occur due to a problem in the parsing mechanism of Jerryscript. **Recommendations** For Jerryscript version 3.0 (commit 05dbbd1), consider disabling the `parser parse for statement start` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 05dbbd1) **Description** An Assertion Failure was discovered in Jerryscript via the `ecma property hashmap create` function at `jerry-core/ecma/base/ecma-property-hashmap.c`. **Recommendations** For Jerryscript version 3.0 (commit 05dbbd1), consider disabling the `ecma property hashmap create` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 05dbbd1) **Description** An Assertion Failure was discovered in Jerryscript via the `ecma big uint div mod` function at `jerry-core/ecma/operations/ecma-big-uint.c`. **Recommendations** For Jerryscript version 3.0 (commit 05dbbd1), consider restricting the use of the `ecma big uint div mod` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 *commit 1a2c047) **Description** An Assertion Failure was discovered in Jerryscript via the component `parser parse class` at `jerry-core/parser/js/js-parser-expr.c`. **Recommendations** For Jerryscript version 3.0 *commit 1a2c047), consider restricting access to the `parser parse class` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 05dbbd1) **Description** The issue is related to an out-of-memory problem in the `malloc` function. **Recommendations** For Jerryscript version 3.0 (commit 05dbbd1), consider restricting memory allocation to prevent out-of-memory issues until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 1a2c047) **Description** An Assertion Failure was discovered in Jerryscript via the `jmem heap finalize` function at `jerry-core/jmem/jmem-heap.c`. **Recommendations** For Jerryscript version 3.0 (commit 1a2c047), consider disabling the `jmem heap finalize` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 1a2c047) **Description** An Assertion Failure was discovered in Jerryscript via the `parser parse function arguments` at `jerry-core/parser/js/js-parser.c`. **Recommendations** For Jerryscript version 3.0 (commit 1a2c047), consider restricting access to the `parser parse function arguments` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 05dbbd1) **Description** An Assertion Failure was discovered in Jerryscript via the `jcontext raise exception` at `jerry-core/jcontext/jcontext.c`. **Recommendations** For Jerryscript version 3.0 (commit 05dbbd1), consider restricting access to the `jcontext raise exception` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 05dbbd1) **Description** An Assertion Failure was discovered in Jerryscript via the `vm loop` at `jerry-core/vm/vm.c`. **Recommendations** For Jerryscript version 3.0 (commit 05dbbd1), consider restricting access to the `vm loop` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QuickJS version 2788d71 **Description** A stack-overflow issue was discovered in QuickJS via the `js proxy isArray` component at quickjs.c. **Recommendations** For QuickJS version 2788d71, consider disabling the `js proxy isArray` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0.0(commit 1a2c047) **Description** A heap-buffer-overflow issue was discovered in the `lexer compare identifier to chars` component at `/jerry-core/parser/js/js-lexer.c`. This issue affects the lexer functionality of the software. **Recommendations** For Jerryscript version 3.0.0(commit 1a2c047), consider restricting access to the `lexer compare identifier to chars` component until a patch is available. As a temporary workaround, avoid using the affected functionality in the `/jerry-core/parser/js/js-lexer.c` file. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 05dbbd1) **Description** A heap-buffer-overflow issue was discovered in the parser parse function statement component at /jerry-core/parser/js/js-parser-statm.c. This issue affects the parsing of function statements. **Recommendations** For Jerryscript version 3.0 (commit 05dbbd1), consider restricting access to the parser parse function statement component until a patch is available. As a temporary workaround, avoid using the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0 (commit 05dbbd1) **Description** A heap-buffer-overflow issue was discovered in the ecma builtin typedarray prototype sort component. **Recommendations** For Jerryscript version 3.0 (commit 05dbbd1), as a temporary workaround, consider disabling the `ecma builtin typedarray prototype sort` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 3.0.0 **Description** A heap-buffer-overflow issue was discovered in Jerryscript via the component `scanner literal is created` at `/jerry-core/parser/js/js-scanner-util.c`. **Recommendations** For Jerryscript version 3.0.0, consider restricting access to the `scanner literal is created` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.