Skip to main content

Jerryscript CVE-2024-29489

MEDIUM
NULL Pointer Dereference (CWE-476)
2024-03-28 cve@mitre.org
5.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 28, 2024 - 23:15 cve.org
MEDIUM 5.5

DescriptionCVE.org

Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.

AnalysisAI

Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. Affected products include: Jerryscript.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2023-36109 CRITICAL POC
9.8 Sep 20

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_str

CVE-2023-38961 CRITICAL POC
9.8 Aug 21

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary c

CVE-2019-1010176 CRITICAL POC
9.8 Jul 25

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. Rated critical severity (CV

CVE-2018-11419 CRITICAL POC
9.8 May 24

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitab

CVE-2018-11418 CRITICAL POC
9.8 May 24

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitab

CVE-2021-26195 HIGH POC
8.8 Jun 10

An issue was discovered in JerryScript 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable

CVE-2017-9250 HIGH POC
7.5 May 28

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory alloc

CVE-2017-14749 HIGH POC
7.8 Sep 26

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corrupt

CVE-2023-31910 HIGH POC
7.8 May 10

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_functio

CVE-2023-31908 HIGH POC
7.8 May 10

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedar

CVE-2023-31907 HIGH POC
7.8 May 10

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerr

CVE-2023-31906 HIGH POC
7.8 May 10

Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_ident

Share

CVE-2024-29489 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy