CVE-2023-36109

Name of the Vulnerable Software and Affected Versions JerryScript version 3.0

Description The issue allows remote attackers to execute arbitrary code via the ecma stringbuilder append raw component at /jerry-core/ecma/base/ecma-helpers-string.c. This is a Buffer Overflow vulnerability.

Recommendations For JerryScript version 3.0, consider disabling the ecma stringbuilder append raw component as a temporary workaround until a patch is available. Restrict access to the /jerry-core/ecma/base/ecma-helpers-string.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.