Vulnerabilities > CVE-2020-13649 - Reachable Assertion vulnerability in Jerryscript 2.2.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
- https://github.com/jerryscript-project/jerryscript/issues/3786
- https://github.com/jerryscript-project/jerryscript/issues/3788
- https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
- https://github.com/jerryscript-project/jerryscript/issues/3788
- https://github.com/jerryscript-project/jerryscript/issues/3786