PT-2019-11492 · Jsish · Jsish
Published
2019-07-25
·
Updated
2019-08-01
·
CVE-2019-1010172
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Jsish version 2.4.84
Description:
The issue is related to Uncontrolled Resource Consumption, which can lead to a denial of service. It is caused by executing crafted JavaScript code, specifically affecting the
jsiValueGetString function in jsiUtils.c.Recommendations:
For Jsish version 2.4.84, update to a version after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39 to resolve the issue. As a temporary workaround, consider restricting the execution of crafted JavaScript code to minimize the risk of exploitation.
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jsish