Vulnerabilities > Jerryscript > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-36109 Classic Buffer Overflow vulnerability in Jerryscript 3.0
Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.
network
low complexity
jerryscript CWE-120
critical
 9.8
9.8
2023-08-21 CVE-2023-38961 Out-of-bounds Write vulnerability in Jerryscript 3.0.0
Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.
network
low complexity
jerryscript CWE-787
critical
 9.8
9.8
2023-07-03 CVE-2020-22597 Unspecified vulnerability in Jerryscript 2.3.0
An issue in Jerrscript- project Jerryscrip v.
network
low complexity
jerryscript
critical
 9.8
9.8
2022-05-12 CVE-2021-42863 Classic Buffer Overflow vulnerability in Jerryscript
A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.
network
low complexity
jerryscript CWE-120
critical
 9.8
9.8
2022-04-07 CVE-2021-43453 Out-of-bounds Read vulnerability in Jerryscript
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file.
network
low complexity
jerryscript CWE-125
critical
 9.8
9.8
2022-04-05 CVE-2021-41751 Classic Buffer Overflow vulnerability in Jerryscript
Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.
network
low complexity
jerryscript CWE-120
critical
 9.8
9.8
2022-04-05 CVE-2021-41752 Uncontrolled Recursion vulnerability in Jerryscript
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.
network
low complexity
jerryscript CWE-674
critical
 9.8
9.8
2021-06-10 CVE-2020-23302 Use After Free vulnerability in Jerryscript 2.2.0
There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0
network
low complexity
jerryscript CWE-416
critical
 9.8
9.8
2021-06-10 CVE-2020-23303 Out-of-bounds Write vulnerability in Jerryscript 2.2.0
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.
network
low complexity
jerryscript CWE-787
critical
 9.8
9.8
2021-06-10 CVE-2020-23306 Out-of-bounds Write vulnerability in Jerryscript 2.2.0
There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.
network
low complexity
jerryscript CWE-787
critical
 9.8
9.8