Vulnerabilities > Jerryscript > High

DATE CVE VULNERABILITY TITLE RISK
2020-08-13 CVE-2020-24344 Out-of-bounds Read vulnerability in Jerryscript
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
local
low complexity
jerryscript CWE-125
7.1
2020-06-15 CVE-2020-14163 Out-of-bounds Read vulnerability in Jerryscript 2.2.0
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0.
network
low complexity
jerryscript CWE-125
7.5
2020-05-28 CVE-2020-13649 Reachable Assertion vulnerability in Jerryscript 2.2.0
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
network
low complexity
jerryscript CWE-617
7.5
2020-05-27 CVE-2020-13623 Resource Exhaustion vulnerability in Jerryscript 2.2.0
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.
network
low complexity
jerryscript CWE-400
7.5
2020-05-27 CVE-2020-13622 Reachable Assertion vulnerability in Jerryscript 2.2.0
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
network
low complexity
jerryscript CWE-617
7.5
2017-09-26 CVE-2017-14749 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jerryscript 1.0
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
local
low complexity
jerryscript CWE-119
7.8
2017-05-28 CVE-2017-9250 NULL Pointer Dereference vulnerability in Jerryscript 1.0
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
network
low complexity
jerryscript CWE-476
7.5