PT-2020-6414 · Unknown · Jerryscript

Chong

Published

2020-06-01

Updated

2021-06-16

CVE-2020-23313

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions JerryScript version 2.2.0

Description The issue is related to the scanner literal is created function in the js-scanner-util.c component of the JerryScript JavaScript engine for Internet of Things (IoT). It is caused by insufficient use of the assert() function. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For JerryScript version 2.2.0, consider disabling the scanner literal is created function as a temporary workaround until a patch is available. Restrict access to the js-scanner-util.c component to minimize the risk of exploitation. Avoid using the scanner literal is created function in the affected API endpoint until the issue is resolved.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BDU:2021-04634

CVE-2020-23313

Affected Products

Jerryscript

PT-2020-6414 · Unknown · Jerryscript

CVE-2020-23313

Weakness Enumeration

Related Identifiers

Affected Products

References · 8