Os200831

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

moddable

CWE-787

NVD

Published: 2020-12-04

Updated: 2020-12-04

Summary

Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger.

Vulnerable Configurations

Part	Description	Count
Application	Moddable Moddable Moddable Os180328 Moddable Moddable Os180329 Moddable Moddable Os200831	3

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/Moddable-OpenSource/moddable/issues/431