Shodan
Vulnerabilities
Vulnerable Software
Jerryscript:  >> Jerryscript  >> 2.3.0  Security Vulnerabilities
CVE-2020-24187
An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-11
CVE-2020-22597
An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-07-03
CVE-2021-42863
A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-05-12
CVE-2021-43453
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-07
CVE-2021-41751
Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-05
CVE-2021-41752
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-04-05
CVE-2021-46170
An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-01-14
CVE-2020-29657
In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file.
CVSS Score
9.1
EPSS Score
0.005
Published
2020-12-09
CVE-2020-24344
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
CVSS Score
7.1
EPSS Score
0.002
Published
2020-08-13
CVE-2020-24345
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option
CVSS Score
7.8
EPSS Score
0.002
Published
2020-08-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved