Espruino: >> Espruino >> 1.98 Security Vulnerabilities
Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.026
Published
2021-07-13
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-05-31
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
CVSS Score
7.1
EPSS Score
0.002
Published
2018-05-31
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
CVSS Score
5.5
EPSS Score
0.002
Published
2018-05-31
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
CVSS Score
7.8
EPSS Score
0.003
Published
2018-05-31
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-05-31
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-05-31
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
CVSS Score
7.1
EPSS Score
0.003
Published
2018-05-31