PT-2018-6740 · Jerryscript · Jerryscript

Zhunkio

Published

2018-03-01

Updated

2019-10-03

CVE-2017-18212

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: JerryScript version 1.0

Description: An issue was discovered in the lit read code unit from hex function in lit/lit-char-helpers.c, which can be exploited via a RegExp("[x0") payload, resulting in a heap-based buffer over-read.

Recommendations: For JerryScript version 1.0, consider restricting the use of the lit read code unit from hex function until a patch is available. Avoid using the RegExp("[x0") payload in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2017-18212

Affected Products

Jerryscript

PT-2018-6740 · Jerryscript · Jerryscript

CVE-2017-18212

Weakness Enumeration

Related Identifiers

Affected Products

References · 6