PT-2020-13902 · Jerryscript · Jerryscript
Nszetei
·
Published
2020-06-15
·
Updated
2021-07-21
·
CVE-2020-14163
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
JerryScript version 2.2.0
Description
An issue was discovered in ecma/operations/ecma-container-object.c where operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation. This is demonstrated by improper read access to memory in ecma gc set object visited in ecma/base/ecma-gc.c.
Recommendations
For JerryScript version 2.2.0, as a temporary workaround, consider restricting access to the
ecma gc set object visited function in ecma/base/ecma-gc.c until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jerryscript