Vulnerabilities for Jerryscript (...) - CXSECURITY.COM

Vulnerabilities for 'Jerryscript'

2022-06-20

CVE-2021-41682

CWE-416

There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0

CVE-2021-41683

CWE-787

There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0

2022-05-03

CVE-2021-41959

CWE-401

JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.

2022-04-07

CVE-2021-43453

CWE-787

A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.

2022-01-25

CVE-2021-44988

CWE-787

Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.

CVE-2021-44992

CWE-119

There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.

CVE-2021-44993

CWE-617

There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0.

CVE-2021-44994

CWE-617

There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0.

2022-01-20

CVE-2022-22888

CWE-787

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.

CVE-2022-22890

CWE-617

There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.

Copyright 2024, cxsecurity.com