Skip to main content

Jerryscript CVE-2020-29657

CRITICAL
Out-of-bounds Read (CWE-125)
2020-12-09 cve@mitre.org
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 09, 2020 - 09:15 nvd
CRITICAL 9.1

DescriptionNVD

In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file.

AnalysisAI

In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file. Affected products include: Jerryscript.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2023-36109 CRITICAL POC
9.8 Sep 20

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_str

CVE-2023-38961 CRITICAL POC
9.8 Aug 21

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary c

CVE-2019-1010176 CRITICAL POC
9.8 Jul 25

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. Rated critical severity (CV

CVE-2018-11419 CRITICAL POC
9.8 May 24

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitab

CVE-2018-11418 CRITICAL POC
9.8 May 24

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitab

CVE-2021-26195 HIGH POC
8.8 Jun 10

An issue was discovered in JerryScript 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable

CVE-2017-9250 HIGH POC
7.5 May 28

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory alloc

CVE-2017-14749 HIGH POC
7.8 Sep 26

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corrupt

CVE-2023-31910 HIGH POC
7.8 May 10

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_functio

CVE-2023-31908 HIGH POC
7.8 May 10

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedar

CVE-2023-31907 HIGH POC
7.8 May 10

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerr

CVE-2023-31906 HIGH POC
7.8 May 10

Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_ident

Share

CVE-2020-29657 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy