PT-2020-6417 · Unknown · Jerryscript
Owl337
·
Published
2020-06-03
·
Updated
2021-06-15
·
CVE-2020-23320
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
JerryScript version 2.2.0
Description
The issue is related to an assertion in the
parser parse function arguments function in JerryScript, specifically in the js-parser.c component. This assertion is context p->next scanner info p->type == SCANNER TYPE FUNCTION. The vulnerability is due to insufficient use of the assert() function. Exploitation of this issue could allow a remote attacker to cause a denial of service.Recommendations
For JerryScript version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Assertion Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jerryscript