JerryScript ecma_builtin_typedarray_prototype_filter buffer overflow

A vulnerability classified as critical was found in JerryScript (the affected version is unknown). It affects the function ecma_builtin_typedarray_prototype_filter. Applying the patch eliminates this problem. The bugfix is available for download at github.com.

| Field | 05/12/2022 04:24 PM | 05/14/2022 05:48 PM |
| --- | --- | --- |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_rl | OF | OF |
| cvss2_vuldb_av | A | A |
| cvss2_vuldb_au | S | S |
| cvss2_vuldb_e | ND | ND |
| cvss3_vuldb_av | A | A |
| cvss3_vuldb_pr | L | L |
| cvss3_vuldb_e | X | X |
| cvss2_vuldb_basescore | 5.2 | 5.2 |
| cvss2_vuldb_tempscore | 4.5 | 4.5 |
| cvss3_vuldb_basescore | 5.5 | 5.5 |
| cvss3_vuldb_tempscore | 5.3 | 5.3 |
| cvss3_meta_basescore | 5.5 | 5.5 |
| cvss3_meta_tempscore | 5.3 | 5.3 |
| price_0day | $0-$5k | $0-$5k |
| name | JerryScript | JerryScript |
| function | ecma_builtin_typedarray_prototype_filter | ecma_builtin_typedarray_prototype_filter |
| cwe | 120 (memory corruption) | 120 (memory corruption) |
| risk | 2 | 2 |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| cvss3_vuldb_rl | O | O |
| cvss3_vuldb_rc | C | C |
| identifier | 4793 | 4793 |
| url | https://github.com/jerryscript-project/jerryscript/issues/4793 | https://github.com/jerryscript-project/jerryscript/issues/4793 |
| name | Patch | Patch |
| patch_url | https://github.com/jerryscript-project/jerryscript/pull/4794 | https://github.com/jerryscript-project/jerryscript/pull/4794 |
| cve | CVE-2021-42863 | CVE-2021-42863 |
| cve_assigned | 1635112800 | 1635112800 |
| date | 1652306400 (05/12/2022) | 1652306400 (05/12/2022) |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_ci | P | P |

cve_nvd_summary: A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.
