Vulnerabilities > CVE-2020-24345 - Out-of-bounds Write vulnerability in Jerryscript

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

jerryscript

CWE-787

NVD

Published: 2020-08-13

Updated: 2024-04-11

Summary

JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option

Vulnerable Configurations

Part	Description	Count
Application	Jerryscript Jerryscript Jerryscript - Jerryscript Jerryscript 1.0 Jerryscript Jerryscript 2.0 Jerryscript Jerryscript 2.1.0 Jerryscript Jerryscript 2.2.0 Jerryscript Jerryscript 2.3.0	8

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/jerryscript-project/jerryscript/issues/3977