PT-2018-10690 · Espruino · Espruino

Hongxuchen

·

Publicado

2018-05-31

·

Atualizado

2018-06-08

·

CVE-2018-11591

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Espruino versions prior to 1.98
Description The issue allows attackers to cause a denial of service, resulting in an application crash, by providing a user-crafted input file. This crash occurs due to a NULL pointer dereference during syntax parsing. The problem was addressed by adding validation for a debug trace print statement.
Recommendations For versions prior to 1.98, update to version 1.98 or later to resolve the issue.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

CVE-2018-11591

Produtos afetados

Espruino