CVE-2018-1000663

Name of the Vulnerable Software and Affected Versions jsish version 2.4.70

Description The issue is related to a Buffer Overflow in the jsi evalcode function from jsiEval.c, which can cause a Crash due to a segmentation fault. This can be exploited by executing crafted JavaScript code.

Recommendations For jsish version 2.4.70, as a temporary workaround, consider disabling the execution of external JavaScript code until a patch is available. Restrict access to the jsi evalcode function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.