CVE-2017-18212

Name of the Vulnerable Software and Affected Versions: JerryScript version 1.0

Description: An issue was discovered in the lit read code unit from hex function in lit/lit-char-helpers.c, which can be exploited via a RegExp("[x0") payload, resulting in a heap-based buffer over-read.

Recommendations: For JerryScript version 1.0, consider restricting the use of the lit read code unit from hex function until a patch is available. Avoid using the RegExp("[x0") payload in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.