Vulnerabilities > Espruino > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-05 CVE-2022-25044 Out-of-bounds Write vulnerability in Espruino 2.11.251
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
network
espruino CWE-787
6.8
6.8
2022-03-05 CVE-2022-25465 Out-of-bounds Write vulnerability in Espruino 2.11
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling.
network
espruino CWE-787
6.8
6.8
2022-01-20 CVE-2021-46323 Unspecified vulnerability in Espruino 2.11.251
Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass.
network
espruino
4.3
4.3
2022-01-20 CVE-2021-46324 Out-of-bounds Write vulnerability in Espruino 2.11.251
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
network
espruino CWE-787
6.8
6.8
2022-01-20 CVE-2021-46325 Out-of-bounds Write vulnerability in Espruino 2.10.246
Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf.
network
espruino CWE-787
6.8
6.8
2018-05-31 CVE-2018-11598 Out-of-bounds Read vulnerability in Espruino
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
network
espruino CWE-125
5.8
5.8
2018-05-31 CVE-2018-11597 Uncontrolled Recursion vulnerability in Espruino
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.
network
espruino CWE-674
4.3
4.3
2018-05-31 CVE-2018-11596 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Espruino
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.
network
espruino CWE-119
4.3
4.3
2018-05-31 CVE-2018-11595 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Espruino
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
network
espruino CWE-119
6.8
6.8
2018-05-31 CVE-2018-11594 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Espruino
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
network
espruino CWE-119
4.3
4.3