PT-2019-14646 · Moddable · Moddable Sdk

Sunlili

Published

2019-09-16

Updated

2021-07-21

CVE-2019-16366

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Moddable SDK OS180329 version 9.0.0

Description The issue is a heap-based buffer overflow in the fxBeginHost function in xsAPI.c when called from fxRunDefine in xsRun.c. This can be triggered by crafted JavaScript code sent to xst.

Recommendations For Moddable SDK OS180329 version 9.0.0, consider restricting access to the fxBeginHost function in xsAPI.c until a patch is available. As a temporary workaround, avoid using the fxRunDefine function in xsRun.c that calls fxBeginHost to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-16366

Affected Products

Moddable Sdk

PT-2019-14646 · Moddable · Moddable Sdk

CVE-2019-16366

Weakness Enumeration

Related Identifiers

Affected Products

References · 3