Owl337

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.4.0 **Description** The issue is related to a heap-use-after-free in the `ecma is lexical environment` function in the ecma-helpers.c file. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.4.0, as a temporary workaround, consider disabling the `ecma is lexical environment` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.4.0 **Description** The issue is related to a heap-buffer-overflow in the `lexer parse number` function in the `js-lexer.c` file. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For JerryScript version 2.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `lexer parse number` function in the `js-lexer.c` file until a patch is available. Restrict access to the `js-lexer.c` file to minimize the risk of exploitation. Avoid using the `lexer parse number` function in the affected JerryScript version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.4.0 **Description** The issue is related to a buffer overflow in the `ecma deref bigint` function of the `ecma-helpers.c` file. This can be exploited by a remote attacker to cause a denial of service. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For JerryScript version 2.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.4.0 **Description** The issue is related to a heap-use-after-free in the `ecma bytecode ref` function of the `ecma-helpers.c` file. This can be exploited by a remote attacker to cause a denial of service. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For JerryScript version 2.4.0, as a temporary workaround, consider disabling the `ecma bytecode ref` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to a heap-buffer-overflow in the `lit read code unit from utf8` function of the `lit-strings.c` component in JerryScript. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability is associated with writing beyond the buffer boundaries. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to an assertion in the `parser parse function arguments` function in JerryScript, specifically in the `js-parser.c` component. This assertion is `context p->next scanner info p->type == SCANNER TYPE FUNCTION`. The vulnerability is due to insufficient use of the `assert()` function. Exploitation of this issue could allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to an assertion in the `parser emit cbc backward branch` function in the js-parser-util.c component of the JerryScript engine for the Internet of Things. This assertion is `'(flags >> CBC STACK ADJUST SHIFT) >= CBC STACK ADJUST BASE || (CBC STACK ADJUST BASE - (flags >> CBC STACK ADJUST SHIFT)) <= context p->stack depth'`. The vulnerability is associated with insufficient use of the `assert()` function. Exploitation of this issue could allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, as a temporary workaround, consider disabling the `parser emit cbc backward branch` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to the `parser parse source` function in the `js-parser.c` component of the JerryScript JavaScript engine for Internet of Things (IoT) devices. It involves an assertion failure, specifically 'context.status flags & PARSER SCANNING SUCCESSFUL' at line 2185 in `js-parser.c`. This vulnerability may allow a remote attacker to cause a denial of service due to insufficient use of the `assert()` function. **Recommendations** For JerryScript version 2.2.0, as a temporary workaround, consider disabling the `parser parse source` function until a patch is available. Restrict access to the `js-parser.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to the `parser parse try statement end` function in the `js-parser-statm.c` component of the JerryScript JavaScript engine for the Internet of Things. It involves an insufficient use of the `assert()` function, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, consider applying a patch or fix that properly implements the `assert()` function in the `parser parse try statement end` function to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to an incorrect comparison in the `parser parse function statement` function of the `js-parser-statm.c` component in the JerryScript JavaScript engine for the Internet of Things. This can potentially allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to the `scanner literal is created` function in the `js-scanner-util.c` component of the JerryScript JavaScript engine for Internet of Things (IoT). It is caused by insufficient use of the `assert()` function. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, consider disabling the `scanner literal is created` function as a temporary workaround until a patch is available. Restrict access to the `js-scanner-util.c` component to minimize the risk of exploitation. Avoid using the `scanner literal is created` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to an incorrect comparison in the `parser parse object initializer` function of the `js-parser-expr.c` component in JerryScript. This could potentially allow a remote attacker to cause a denial of service. The comparison involves checking the `context p->token.type` against specific values, including `LEXER RIGHT BRACE`, `LEXER ASSIGN`, and `LEXER COMMA`. **Recommendations** For JerryScript version 2.2.0, as a temporary workaround, consider disabling the `parser parse object initializer` function until a patch is available. Restrict access to the `js-parser-expr.c` component to minimize the risk of exploitation. Avoid using the `context p->token.type` variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to the `parser parse expression` function in the `js-parser-expr.c` component of the JerryScript JavaScript engine for Internet of Things (IoT) devices. It is caused by insufficient use of the `assert()` function. Exploitation of this issue could allow a remote attacker to cause a denial of service. **Recommendations** For JerryScript version 2.2.0, consider disabling the `parser parse expression` function as a temporary workaround until a patch is available. Restrict access to the `js-parser-expr.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JerryScript version 2.2.0 **Description** The issue is related to a heap-use-after-free in the `ecma ref ecma string` function at ecma-helpers-string.c:772. This can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.14rc0 **Description** The issue is related to an illegal address access in the `find cc()` function located in `asm/preproc.c`. This access can lead to a remote denial of service attack. The cause is attributed to the lack of validation of pointers associated with `skip white ` calls. **Recommendations** For Netwide Assembler (NASM) version 2.14rc0, consider disabling the `find cc()` function as a temporary workaround until a patch is available. Restrict access to the `asm/preproc.c` module to minimize the risk of exploitation. Avoid using the `skip white ` calls in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.14rc0 **Description** The issue is related to a heap-based buffer over-read in the `detoken()` function located in `asm/preproc.c`. This could lead to a remote denial of service attack. **Recommendations** For Netwide Assembler (NASM) version 2.14rc0, consider disabling the `detoken()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.14rc0 **Description** The issue is related to a use-after-free in the `pp list one macro` function in `asm/preproc.c`, which can lead to a remote denial of service attack. This is due to the mishandling of operand-type errors. **Recommendations** For Netwide Assembler (NASM) version 2.14rc0, consider disabling the `pp list one macro` function in `asm/preproc.c` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.14rc0 **Description** The issue is related to a use-after-free error in the `pp list one macro` function, located in `asm/preproc.c`. This error can lead to a remote denial of service (DoS) due to the incorrect handling of line syntax errors. **Recommendations** For Netwide Assembler (NASM) version 2.14rc0, consider disabling the `pp list one macro` function as a temporary workaround until a patch is available. Restrict the use of the `asm/preproc.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.14rc0 **Description** The issue is related to a "SEGV on unknown address" that can cause a remote denial of service attack. This occurs because the asm/preproc.c file mishandles macro calls that have the wrong number of arguments. **Recommendations** For Netwide Assembler (NASM) version 2.14rc0, consider avoiding the use of macro calls with incorrect argument numbers until a patch is available. As a temporary workaround, restrict the use of the `asm/preproc.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.14rc0 **Description** The issue is related to a heap-based buffer over-read that could lead to a remote denial of service attack. This is connected to a while loop in the `paste tokens` function located in `asm/preproc.c`. **Recommendations** For Netwide Assembler (NASM) version 2.14rc0, consider restricting access to the `paste tokens` function in `asm/preproc.c` to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.