VDB-199666 · CVE-2021-42863 · ID 4793

JerryScript ecma_builtin_typedarray_prototype_filter buffer overflow

A vulnerability classified as critical was found in JerryScript (the affected version is unknown). This vulnerability affects the function ecma_builtin_typedarray_prototype_filter. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.

Field	05/12/2022 04:24 PM	05/14/2022 05:48 PM
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_av	A	A
cvss2_vuldb_au	S	S
cvss2_vuldb_e	ND	ND
cvss3_vuldb_av	A	A
cvss3_vuldb_pr	L	L
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3
cvss3_meta_basescore	5.5	5.5
cvss3_meta_tempscore	5.3	5.3
price_0day	$0-$5k	$0-$5k
name	JerryScript	JerryScript
function	ecma_builtin_typedarray_prototype_filter	ecma_builtin_typedarray_prototype_filter
cwe	120 (memory corruption)	120 (memory corruption)
risk	2	2
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
identifier	4793	4793
url	https://github.com/jerryscript-project/jerryscript/issues/4793	https://github.com/jerryscript-project/jerryscript/issues/4793
name	Patch	Patch
patch_url	https://github.com/jerryscript-project/jerryscript/pull/4794	https://github.com/jerryscript-project/jerryscript/pull/4794
cve	CVE-2021-42863	CVE-2021-42863
cve_assigned	1635112800	1635112800
date	1652306400 (05/12/2022)	1652306400 (05/12/2022)
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	P	P
cve_nvd_summary		A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!