Vulnerabilities > Jerryscript

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2021-41959 Memory Leak vulnerability in Jerryscript
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.
network
low complexity
jerryscript CWE-401
5.0
2022-04-07 CVE-2021-43453 Out-of-bounds Write vulnerability in Jerryscript
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file.
network
low complexity
jerryscript CWE-787
7.5
2022-04-05 CVE-2021-41751 Classic Buffer Overflow vulnerability in Jerryscript
Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.
network
low complexity
jerryscript CWE-120
7.5
2022-04-05 CVE-2021-41752 Out-of-bounds Write vulnerability in Jerryscript
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.
network
low complexity
jerryscript CWE-787
7.5
2022-02-17 CVE-2022-22901 Reachable Assertion vulnerability in Jerryscript
There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.
4.3
2022-01-25 CVE-2021-44988 Out-of-bounds Write vulnerability in Jerryscript 3.0.0
Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.
6.8
2022-01-25 CVE-2021-44992 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jerryscript 3.0.0
There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.
4.3
2022-01-25 CVE-2021-44993 Reachable Assertion vulnerability in Jerryscript 3.0.0
There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0.
4.3
2022-01-25 CVE-2021-44994 Reachable Assertion vulnerability in Jerryscript 3.0.0
There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0.
4.3
2022-01-21 CVE-2022-22891 Unspecified vulnerability in Jerryscript 3.0.0
Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.
network
jerryscript
4.3