Vulnerabilities > Jerryscript > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-36109 Classic Buffer Overflow vulnerability in Jerryscript 3.0
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.
network
low complexity
jerryscript CWE-120
critical
 9.8
9.8
2023-08-21 CVE-2023-38961 Out-of-bounds Write vulnerability in Jerryscript 3.0.0
Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.
network
low complexity
jerryscript CWE-787
critical
 9.8
9.8
2023-07-03 CVE-2020-22597 Unspecified vulnerability in Jerryscript 2.3.0
An issue in Jerrscript- project Jerryscrip v.
network
low complexity
jerryscript
critical
 9.8
9.8
2022-04-07 CVE-2021-43453 Out-of-bounds Read vulnerability in Jerryscript
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file.
network
low complexity
jerryscript CWE-125
critical
 9.8
9.8
2022-04-05 CVE-2021-41752 Uncontrolled Recursion vulnerability in Jerryscript
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.
network
low complexity
jerryscript CWE-674
critical
 9.8
9.8