CVE-2020-23312

Name of the Vulnerable Software and Affected Versions JerryScript version 2.2.0

Description The issue is related to the parser parse source function in the js-parser.c component of the JerryScript JavaScript engine for Internet of Things (IoT) devices. It involves an assertion failure, specifically 'context.status flags & PARSER SCANNING SUCCESSFUL' at line 2185 in js-parser.c. This vulnerability may allow a remote attacker to cause a denial of service due to insufficient use of the assert() function.

Recommendations For JerryScript version 2.2.0, as a temporary workaround, consider disabling the parser parse source function until a patch is available. Restrict access to the js-parser.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.