Espruino up to 1.98 jslex.c memory corruption

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Espruino up to 1.98. It has been rated as problematic. Affected by this issue is an unknown code block of the file jslex.c. Upgrading to version 1.99 eliminates this vulnerability.

Field06/01/2018 10:26 AM02/10/2020 03:54 PM
nameEspruinoEspruino
version<=1.98<=1.98
filejslex.cjslex.c
cwe119 (memory corruption)119 (memory corruption)
risk11
historic00
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore3.73.7
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiNN
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auNN
cvss2_nvd_ciPP
cvss2_nvd_iiNN
cvss2_nvd_aiPP
cvss3_meta_basescore5.25.2
cvss3_meta_tempscore5.05.0
cvss3_vuldb_basescore3.33.3
cvss3_vuldb_tempscore3.23.2
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iNN
cvss3_vuldb_aLL
cvss3_nvd_avLL
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiRR
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iNN
cvss3_nvd_aHH
date1527724800 (05/31/2018)1527724800 (05/31/2018)
urlhttps://github.com/espruino/Espruino/commit/bed844f109b6c222816740555068de2e101e8018https://github.com/espruino/Espruino/commit/bed844f109b6c222816740555068de2e101e8018
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version1.991.99
cveCVE-2018-11593CVE-2018-11593
cve_assigned15277248001527724800
cve_nvd_published15277176001527717600
cve_nvd_summaryEspruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
seealso118470 118469 118468 118467 118465 118464 118463118470 118469 118468 118467 118465 118464 118463
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
0day_days1212
cvss3_nvd_basescore7.17.1
discoverydate1526688000

Want to stay up to date on a daily basis?

Enable the mail alert feature now!