PT-2019-11495 · Samsung · Jerryscript
Dominiakm · Published 2019-07-25 · Updated 2021-07-21
CVE-2019-1010176
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
JerryScript versions up to and including commit 505dace719aebb3308a3af223cfaa985159efae0 (fixed in versions after that commit)
Description:
The issue is a buffer overflow that can lead to denial of service and possibly arbitrary code execution. It is triggered when the engine executes crafted JavaScript code. The affected component is the lit_char_to_utf8_bytes function, located at jerry-core/lit/lit-char-helpers.c:377.
Recommendations:
For versions prior to the fixed version, update to a version after commit 505dace719aebb3308a3af223cfaa985159efae0 to resolve the issue. As a temporary workaround, consider restricting the execution of crafted JavaScript code to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Weakness Enumeration
Related identifiers
Affected products
Jerryscript