Vulnerability Details CVE-2020-13649
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
- https://github.com/jerryscript-project/jerryscript/issues/3786
- https://github.com/jerryscript-project/jerryscript/issues/3788
- https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
- https://github.com/jerryscript-project/jerryscript/issues/3786
- https://github.com/jerryscript-project/jerryscript/issues/3788
Products affected by CVE-2020-13649
-
cpe:2.3:a:jerryscript:jerryscript:2.2.0