Chong

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.4.0 **Description** The issue is related to a buffer overflow in the `ecma deref bigint` function of the `ecma-helpers.c` file. This can be exploited by a remote attacker to cause a denial of service. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For JerryScript version 2.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.4.0 **Description** The issue is related to insufficient checking of unusual or exceptional states in the `main print unhandled exception` function of the `main-utils.c` file. This can be exploited by a remote attacker to cause a denial of service. The `main print unhandled exception` function is part of the JerryScript engine for the Internet of Things. **Recommendations** For JerryScript version 2.4.0, consider disabling the `main print unhandled exception` function in the `main-utils.c` file as a temporary workaround until a patch is available. Restrict access to the `main-utils.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to a heap-buffer-overflow in the `re parse char escape` function of the `re-parser.c` component in JerryScript. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to an assertion in the `parser emit cbc backward branch` function in the js-parser-util.c component of the JerryScript engine for the Internet of Things. This assertion is `'(flags >> CBC STACK ADJUST SHIFT) >= CBC STACK ADJUST BASE || (CBC STACK ADJUST BASE - (flags >> CBC STACK ADJUST SHIFT)) <= context p->stack depth'`. The vulnerability is associated with insufficient use of the `assert()` function. Exploitation of this issue could allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, as a temporary workaround, consider disabling the `parser emit cbc backward branch` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to the `scanner literal is created` function in the `js-scanner-util.c` component of the JerryScript JavaScript engine for Internet of Things (IoT). It is caused by insufficient use of the `assert()` function. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, consider disabling the `scanner literal is created` function as a temporary workaround until a patch is available. Restrict access to the `js-scanner-util.c` component to minimize the risk of exploitation. Avoid using the `scanner literal is created` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to an incorrect comparison in the `parser parse function statement` function of the `js-parser-statm.c` component in the JerryScript JavaScript engine for the Internet of Things. This can potentially allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to an incorrect comparison in the `parser parse statements` function of the `js-parser-statm.c` component in the JerryScript JavaScript engine for the Internet of Things. This could potentially allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, as a temporary workaround, consider disabling the `parser parse statements` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to the `parser parse expression` function in the `js-parser-expr.c` component of the JerryScript JavaScript engine for Internet of Things (IoT) devices. It is caused by insufficient use of the `assert()` function. Exploitation of this issue could allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, consider disabling the `parser parse expression` function as a temporary workaround until a patch is available. Restrict access to the `js-parser-expr.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to a stack-overflow in the `ecma regexp match` function at ecma-regexp-object.c:535. This vulnerability is associated with a buffer overflow record and can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to a heap-buffer-overflow in the `jmem pools collect empty` function of the `jmem-poolman.c` component in JerryScript. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.