Kvenux

**Name of the Vulnerable Software and Affected Versions** Moddable SDK versions prior to OS200908 **Description** The issue is related to an invalid memory access in the `fxProxyGetter` function in `moddable/xs/sources/xsProxy.c`, which causes a denial of service (SEGV). **Recommendations** For Moddable SDK versions prior to OS200908, update to a version after OS200908 to resolve the issue. As a temporary workaround, consider restricting access to the `fxProxyGetter` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Moddable SDK versions prior to OS200903 **Description** The issue is related to a heap buffer overflow in the `fxCheckArrowFunction` function at moddable/xs/sources/xsSyntaxical.c:3562. **Recommendations** For Moddable SDK versions prior to OS200903, update to a version that includes the fix for the heap buffer overflow in the `fxCheckArrowFunction` function.

**Name of the Vulnerable Software and Affected Versions** Moddable SDK versions prior to OS200908 **Description** The issue is related to an invalid memory access in the fxUTF8Decode function at moddable/xs/sources/xsCommon.c:916, which causes a denial of service (SEGV). **Recommendations** For Moddable SDK versions prior to OS200908, update to a version that includes the fix for the invalid memory access issue in the fxUTF8Decode function.

**Name of the Vulnerable Software and Affected Versions** Moddable SDK versions prior to 20200903 **Description** The issue is related to a heap buffer overflow at moddable/xs/sources/xsDebug.c. This overflow occurs while creating a stack frame, resulting in the top stack frame being only partially initialized. The consequence is a crash in the code that sends the stack frame to the debugger. **Recommendations** For versions prior to 20200903, update to a version 20200903 or later to resolve the issue. As a temporary workaround, consider disabling the debugging functionality that utilizes the xsDebug.c module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Moddable SDK versions prior to OS200908 **Description** The issue is related to a Null Pointer Dereference in the `xObjectBindingFromExpression` function at `moddable/xs/sources/xsSyntaxical.c:3419`. This causes a denial of service (SEGV). **Recommendations** For Moddable SDK versions prior to OS200908, update to a version OS200908 or later to resolve the issue.