Vulnerabilities > Jerryscript > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2020-14163 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jerryscript 2.2.0 An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. | 5.0 |
| 2020-05-28 | CVE-2020-13649 | NULL Pointer Dereference vulnerability in Jerryscript 2.2.0 parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. | 5.0 |
| 2020-05-27 | CVE-2020-13623 | Resource Exhaustion vulnerability in Jerryscript 2.2.0 JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. | 5.0 |
| 2020-05-27 | CVE-2020-13622 | Reachable Assertion vulnerability in Jerryscript 2.2.0 JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. | 5.0 |
| 2018-08-20 | CVE-2018-1000636 | NULL Pointer Dereference vulnerability in Jerryscript 1.0 JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. | 4.3 |
| 2017-09-26 | CVE-2017-14749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jerryscript 1.0 JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. | 6.8 |
| 2017-05-28 | CVE-2017-9250 | NULL Pointer Dereference vulnerability in Jerryscript 1.0 The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function. | 5.0 |