CVE-2020-23322

Name of the Vulnerable Software and Affected Versions JerryScript version 2.2.0

Description The issue is related to an assertion in the parser parse object initializer function in the js-parser-expr.c component of the JerryScript JavaScript engine for the Internet of Things. This assertion is related to the context p->token.type variable, specifically the values LEXER RIGHT BRACE, LEXER ASSIGN, and LEXER COMMA. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For JerryScript version 2.2.0, consider disabling the parser parse object initializer function as a temporary workaround until a patch is available. Restrict access to the js-parser-expr.c component to minimize the risk of exploitation. Avoid using the context p->token.type variable in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.