PT-2019-11495 · Samsung · Jerryscript

Dominiakm · Published 2019-07-25 · Updated 2021-07-21 · CVE-2019-1010176

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: JerryScript at commit 505dace719aebb3308a3af223cfaa985159efae0 and earlier (fixed in versions after that commit)
Description: A buffer overflow that can lead to denial of service and possibly arbitrary code execution. It is triggered by executing crafted JavaScript code. The affected component is the lit_char_to_utf8_bytes function, at jerry-core/lit/lit-char-helpers.c:377.
Recommendations: Update to a version after commit 505dace719aebb3308a3af223cfaa985159efae0 to resolve the issue. As a temporary workaround, consider restricting the execution of crafted JavaScript code to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2019-1010176

Affected Products

Jerryscript