Vulnerabilities > CVE-2020-25465 - NULL Pointer Dereference vulnerability in Moddable

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

moddable

CWE-476

NVD

Published: 2020-12-04

Updated: 2020-12-04

Summary

Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).

Vulnerable Configurations

Part	Description	Count
Application	Moddable Moddable Moddable Os180328 Moddable Moddable Os180329 Moddable Moddable Os200831 Moddable Moddable Os200903 Moddable Moddable Os200904	5

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/Moddable-OpenSource/moddable/issues/442
https://github.com/Moddable-OpenSource/moddable/releases/tag/OS200908