An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-04
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-04
Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.025
Published
2021-07-13
Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.031
Published
2021-07-13
Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.031
Published
2021-07-13
Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.
CVSS Score
7.5
EPSS Score
0.008
Published
2021-07-13
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-09-06