PT-2019-14646 · Moddable · Moddable Sdk
Sunlili
·
Publicado
2019-09-16
·
Atualizado
2021-07-21
·
CVE-2019-16366
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Moddable SDK OS180329 version 9.0.0
Description
The issue is a heap-based buffer overflow in the
fxBeginHost function in xsAPI.c when called from fxRunDefine in xsRun.c. This can be triggered by crafted JavaScript code sent to xst.Recommendations
For Moddable SDK OS180329 version 9.0.0, consider restricting access to the
fxBeginHost function in xsAPI.c until a patch is available. As a temporary workaround, avoid using the fxRunDefine function in xsRun.c that calls fxBeginHost to minimize the risk of exploitation.Exploit
Correção
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Moddable Sdk