Skip to main content

Jerryscript

46 CVEs product

Monthly

CVE-2024-33260 MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jerryscript
NVD GitHub
CVSS 3.1
5.1
EPSS
0.2%
CVE-2024-33259 MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-33258 HIGH POC This Week

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2024-33255 MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
6.2
EPSS
0.3%
CVE-2024-29489 MEDIUM POC PATCH This Month

Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-36109 CRITICAL POC Act Now

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Jerryscript
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-38961 CRITICAL POC Act Now

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Jerryscript
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-36201 HIGH This Week

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34868 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34867 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31921 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31920 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31919 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31918 MEDIUM POC This Month

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31916 MEDIUM POC This Month

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31914 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31913 MEDIUM POC This Month

Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31910 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31908 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31907 HIGH POC This Week

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31906 HIGH POC This Week

Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-30414 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30410 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30408 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30406 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-32117 HIGH POC This Week

Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-22901 MEDIUM POC This Month

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-26199 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26198 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26197 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-26195 HIGH POC This Week

An issue was discovered in JerryScript 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jerryscript
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-26194 MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-29657 CRITICAL Act Now

In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2020-13991 HIGH POC This Week

vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-24345 HIGH POC This Week

{new new Proxy(a,{})}JSON.parse("[]",a). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jerryscript
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-24344 HIGH POC This Week

{a=arguments}){const arguments}) buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2020-14163 HIGH PATCH This Week

An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13649 HIGH PATCH This Week

parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-13623 HIGH POC This Week

JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-13622 HIGH This Week

JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-1010176 CRITICAL POC Act Now

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE Memory Corruption Jerryscript
NVD GitHub
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-1000636 MEDIUM PATCH This Month

JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-11419 CRITICAL POC Act Now

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-11418 CRITICAL POC Act Now

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2017-14749 HIGH POC This Week

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Jerryscript
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2017-9250 HIGH POC PATCH This Week

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
EPSS 0% CVSS 5.1
MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC This Week

Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jerryscript
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM POC This Month

Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Jerryscript
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in JerryScript 2.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jerryscript
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in JerryScript 2.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jerryscript
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

{new new Proxy(a,{})}JSON.parse("[]",a). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Jerryscript
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC This Week

{a=arguments}){const arguments}) buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow RCE +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jerryscript
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in JerryScript 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jerryscript
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy