CVE-2018-11597

Name of the Vulnerable Software and Affected Versions Espruino versions prior to 1.99

Description The issue allows attackers to cause a denial of service, resulting in an application crash, by providing a user-crafted input file. This is due to a Buffer Overflow that occurs during syntax parsing when many '{' characters are present in the jsparse.c file, caused by a missing check for stack exhaustion.

Recommendations For versions prior to 1.99, update to version 1.99 or later to resolve the issue. As a temporary workaround, consider restricting the use of input files that may contain many '{' characters to minimize the risk of exploitation.