JerryScript 1.0 JS File jmem_heap_alloc_block_internal memory corruption


A vulnerability classified as critical has been found in JerryScript 1.0. The issue affects the function jmem_heap_alloc_block_internal of the component JS File Handler. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

| Field | 09/27/2017 08:52 AM | 11/20/2019 07:30 AM |
|---|---|---|
| name | JerryScript | JerryScript |
| version | 1.0 | 1.0 |
| component | JS File Handler | JS File Handler |
| function | jmem_heap_alloc_block_internal | jmem_heap_alloc_block_internal |
| cwe | 119 (memory corruption) | 119 (memory corruption) |
| risk | 2 | 2 |
| cvss2_vuldb_basescore | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 6.8 | 6.8 |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | M | M |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_nvd_av | N | N |
| cvss2_nvd_ac | M | M |
| cvss2_nvd_au | N | N |
| cvss2_nvd_ci | P | P |
| cvss2_nvd_ii | P | P |
| cvss2_nvd_ai | P | P |
| cvss3_meta_basescore | 7.5 | 7.5 |
| cvss3_meta_tempscore | 7.5 | 7.5 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_nvd_av | L | L |
| cvss3_nvd_ac | L | L |
| cvss3_nvd_pr | N | N |
| cvss3_nvd_ui | R | R |
| cvss3_nvd_s | U | U |
| cvss3_nvd_c | H | H |
| cvss3_nvd_i | H | H |
| cvss3_nvd_a | H | H |
| date | 1506384000 (09/26/2017) | 1506384000 (09/26/2017) |
| url | https://github.com/jerryscript-project/jerryscript/issues/2008 | https://github.com/jerryscript-project/jerryscript/issues/2008 |
| price_0day | $0-$5k | $0-$5k |
| cve | CVE-2017-14749 | CVE-2017-14749 |
| cve_assigned | 1506384000 | 1506384000 |
| cve_nvd_published | 1506384000 | 1506384000 |
| cve_nvd_summary | JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. | JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. |
| location | Website | Website |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| 0day_days | 19 | 19 |
| cvss3_nvd_basescore | 7.8 | 7.8 |

discoverydate: 1504742400
