Bird8693

Name of the Vulnerable Software and Affected Versions: OpenSource Moddable version 10.5.0 Description: A heap buffer overflow was discovered in the `fxIDToString` function at `/moddable/xs/sources/xsSymbol.c`. This issue affects OpenSource Moddable. Recommendations: For OpenSource Moddable version 10.5.0, consider restricting access to the `fxIDToString` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Moddable version 10.5.0 Description: A heap buffer overflow was discovered in the `fx ArrayBuffer` function at `/moddable/xs/sources/xsDataView.c`. This issue affects the Moddable software. Recommendations: For Moddable version 10.5.0, consider disabling the `fx ArrayBuffer` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Moddable version 10.5.0 Description: A buffer over-read issue was discovered in the `fxDebugThrow` function at `/moddable/xs/sources/xsDebug.c`. This issue affects the Moddable software. Recommendations: For Moddable version 10.5.0, consider restricting access to the `fxDebugThrow` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Moddable version 10.5.0 Description: A stack overflow was discovered in the `fxBinaryExpressionNodeDistribute` function at `/moddable/xs/sources/xsTree.c`. This issue affects the Moddable software. Recommendations: For Moddable version 10.5.0, consider restricting access to the `fxBinaryExpressionNodeDistribute` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: OpenSource Moddable version 10.5.0 Description: The issue is related to a stack overflow in the OpenSource Moddable software. This overflow occurs via the component /moddable/xs/sources/xsScript.c. Recommendations: For OpenSource Moddable version 10.5.0, consider updating to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the /moddable/xs/sources/xsScript.c component to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: OpenSource Moddable version 10.5.0 Description: A heap buffer overflow was discovered in the `fx String prototype repeat` function at `/moddable/xs/sources/xsString.c`. This issue affects the specified version of OpenSource Moddable. Recommendations: For OpenSource Moddable version 10.5.0, consider disabling the `fx String prototype repeat` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** muJS versions prior to 1.0.8 **Description** The issue is related to a buffer overflow vulnerability due to recursion in the GC scanning phase, which allows remote attackers to cause a denial of service. This is caused by a lack of input validation, leading to potential service disruption. **Recommendations** For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the GC scanning phase to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** jsish versions prior to 3.0.8 **Description** The issue is related to an integer overflow vulnerability in the `Jsi ObjArraySizer` function. This vulnerability allows remote attackers to execute arbitrary code. **Recommendations** For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Jsi ObjArraySizer` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** muJS versions prior to 1.0.8 **Description** The issue is related to a buffer overflow vulnerability in the `jsG markobject` function of the `jsgc.c` component in the MuJS JavaScript interpreter. This vulnerability is caused by the lack of input validation when copying a buffer, allowing a remote attacker to cause a denial of service. **Recommendations** For versions prior to 1.0.8, update to version 1.0.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `jsG markobject` function in the `jsgc.c` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** jsish versions prior to 3.0.6 **Description** The issue is related to an integer overflow vulnerability in the `Jsi ObjSetLength` function. This vulnerability allows remote attackers to execute arbitrary code. **Recommendations** For versions prior to 3.0.6, update to version 3.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Jsi ObjSetLength` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** QuickJS versions prior to 2020-07-05 release **Description** A Buffer Overflow issue in quickjs.c allows remote attackers to cause denial of service. **Recommendations** For versions prior to the 2020-07-05 release, update to the 2020-07-05 release or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** moddable (affected versions not specified) **Description** The issue was discovered in the fxParserTree function and allows attackers to cause denial of service via a crafted payload. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Espruino versions prior to RELEASE 2V09 **Description** A buffer overflow issue exists in the `jsvGetStringChars` function, allowing remote attackers to execute arbitrary code. **Recommendations** For versions prior to RELEASE 2V09, update to RELEASE 2V09 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** jsish versions prior to 3.0.18 **Description** The issue is related to a stack overflow vulnerability in the `jsi evalcode sub` function. This vulnerability allows remote attackers to cause a Denial of Service by providing a crafted value to the `execute` parameter. **Recommendations** For versions prior to 3.0.18, update to version 3.0.18 or later to resolve the issue.