Vulnerability CVE-2018-1000661
Published: 2018-09-06

Description:
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been fixed in 2.4.69.

Type:

CWE-476

 (NULL Pointer Dereference)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Jsish -> Jsish 

 References:
https://jsish.org/fossil/jsi/tktview/2adeb066894695b38309d92771aea11c8e0a56a8
Copyright 2024, cxsecurity.com

 

Back to Top