Hope-Fly

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a heap-use-after-free in the `jsi ValueCopyMove` function located in `src/jsiValue.c`. This can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, consider restricting access to the `jsi ValueCopyMove` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to an assertion failure in the `jsiEval.c` file of Jsish. Specifically, the assertion `vp != resPtr` fails. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Jsish version 3.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A heap-use-after-free issue was discovered in Jsish, which can lead to a Denial of Service (DoS). The issue is related to the `Jsi ObjFree` function in the `src/jsiObj.c` file. **Recommendations** For Jsish version 3.5.0, consider applying a patch or fix that addresses the heap-use-after-free issue in the `Jsi ObjFree` function to prevent Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a heap-use-after-free in the `jsi wswebsocketObjFree` function located in `src/jsiWebSocket.c`. This can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, consider disabling the `jsi wswebsocketObjFree` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A heap-use-after-free issue was discovered in Jsish, which can lead to a Denial of Service (DoS). The issue is related to the SortSubCmd function in the src/jsiArray.c file. **Recommendations** For Jsish version 3.5.0, consider applying a patch or fix that addresses the heap-use-after-free issue in the SortSubCmd function to prevent Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A heap-use-after-free issue was discovered in Jsish, which can lead to a Denial of Service (DoS). The issue is related to the `/usr/lib/x86 64-linux-gnu/libasan.so.4+0x79732` endpoint. **Recommendations** For Jsish version 3.5.0, as a temporary workaround, consider restricting access to the affected endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a SEGV vulnerability via `Jsi CommandPkgOpts` at `src/jsiCmds.c`, which can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, consider disabling the `Jsi CommandPkgOpts` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a heap-use-after-free in the `DeleteTreeValue` function located in `src/jsiObj.c`. This can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, consider disabling the `DeleteTreeValue` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A SEGV issue was found in Jsish via the NumberConstructor at src/jsiNumber.c, which can cause a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a heap-use-after-free in `jsi UserObjDelete` in the file `src/jsiUserObj.c`. This can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, consider disabling the `jsi UserObjDelete` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A heap-use-after-free issue was found in Jsish via the `jsi ValueLookupBase` function in `src/jsiValue.c`. This can cause a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, consider applying a patch or fix to address the heap-use-after-free issue in the `jsi ValueLookupBase` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A heap-use-after-free issue was discovered in Jsish via the `jsi ArgTypeCheck` function in `src/jsiFunc.c`. This can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a SEGV vulnerability via `Jsi FunctionInvoke` at `src/jsiFunc.c`, which can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, consider disabling the `Jsi FunctionInvoke` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A heap-use-after-free issue was discovered, which can lead to a Denial of Service (DoS). The issue is related to the API endpoint, however no specific endpoint is mentioned, but it involves the library /usr/lib/x86 64-linux-gnu/libasan.so.4+0x5166d. **Recommendations** For Jsish version 3.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A heap-use-after-free issue was discovered in Jsish, which can lead to a Denial of Service (DoS). The issue is related to the `Jsi DecrRefCount` function in the `src/jsiValue.c` file. **Recommendations** For Jsish version 3.5.0, consider applying a patch or fix that addresses the heap-use-after-free issue in the `Jsi DecrRefCount` function to prevent Denial of Service (DoS) attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a heap-use-after-free vulnerability via `Jsi IncrRefCount` in `src/jsiValue.c`, which can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a SEGV vulnerability via `Jsi ValueIsNumber` at `src/jsiValue.c`, which can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, as a temporary workaround, consider disabling the `Jsi ValueIsNumber` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** The issue is related to a SEGV vulnerability via the `jsi ArraySpliceCmd` function at `src/jsiArray.c`. This can lead to a Denial of Service (DoS). **Recommendations** For Jsish version 3.5.0, consider disabling the `jsi ArraySpliceCmd` function as a temporary workaround until a patch is available. Restrict access to the `src/jsiArray.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A SEGV issue was found in Jsish via the `jsi ArrayConcatCmd` function at `src/jsiArray.c`, which can cause a Denial of Service (DoS). **Recommendations** For version 3.5.0, consider disabling the `jsi ArrayConcatCmd` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Jsish version 3.5.0 **Description** A stack overflow issue was discovered in Jsish. The issue occurs via the `/usr/lib/x86 64-linux-gnu/libasan.so.4+0x5b1e5` library. No information is available about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Jsish version 3.5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.