JerryScript 2.2.0 jmem-poolman.c jmem_pools_collect_empty heap-based overflow

A vulnerability has been found in JerryScript 2.2.0 and classified as critical. It affects the function jmem_pools_collect_empty in the file jmem-poolman.c. No information about possible countermeasures is known. Replacing the affected object with an alternative product may be advisable.

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that an immediate vulnerability response can be initiated and issues prioritized.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 11337664 | 06/13/2021 | VulD... | confirm_url | https://github.com/jerryscript-project/jerryscript/issues/3749 | cve.mitre.org | 06/13/2021 | accepted | 70 |
| 11337663 | 06/13/2021 | VulD... | cve_nvd_summary | There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. | cve.mitre.org | 06/13/2021 | accepted | 70 |
| 11337662 | 06/13/2021 | VulD... | cve_assigned | 1597269600 | cve.mitre.org | 06/13/2021 | accepted | 70 |
| 11332983 | 06/11/2021 | VulD... | price_0day | $0-$5k | see documentation | 06/11/2021 | accepted | 90 |
| 11332982 | 06/11/2021 | VulD... | cvss3_meta_tempscore | 5.5 | see documentation | 06/11/2021 | accepted | 90 |
| 11332981 | 06/11/2021 | VulD... | cvss3_meta_basescore | 5.5 | see documentation | 06/11/2021 | accepted | 90 |
| 11332980 | 06/11/2021 | VulD... | cvss3_vuldb_tempscore | 5.5 | | 06/11/2021 | accepted | 90 |
| 11332979 | 06/11/2021 | VulD... | cvss3_vuldb_basescore | 5.5 | | 06/11/2021 | accepted | 90 |
| 11332978 | 06/11/2021 | VulD... | cvss2_vuldb_tempscore | 5.2 | | 06/11/2021 | accepted | 90 |
| 11332977 | 06/11/2021 | VulD... | cvss2_vuldb_basescore | 5.2 | | 06/11/2021 | accepted | 90 |
| 11332976 | 06/11/2021 | VulD... | cvss3_vuldb_rl | X | derived from historical data | 06/11/2021 | accepted | 80 |
| 11332975 | 06/11/2021 | VulD... | cvss3_vuldb_e | X | derived from historical data | 06/11/2021 | accepted | 80 |
| 11332974 | 06/11/2021 | VulD... | cvss3_vuldb_pr | L | derived from historical data | 06/11/2021 | accepted | 80 |
| 11332973 | 06/11/2021 | VulD... | cvss3_vuldb_av | A | derived from historical data | 06/11/2021 | accepted | 80 |
| 11332972 | 06/11/2021 | VulD... | cvss2_vuldb_rl | ND | derived from historical data | 06/11/2021 | accepted | 80 |
| 11332971 | 06/11/2021 | VulD... | cvss2_vuldb_e | ND | derived from historical data | 06/11/2021 | accepted | 80 |
| 11332970 | 06/11/2021 | VulD... | cvss2_vuldb_au | S | derived from historical data | 06/11/2021 | accepted | 80 |
| 11332969 | 06/11/2021 | VulD... | cvss2_vuldb_av | A | derived from historical data | 06/11/2021 | accepted | 80 |
| 11332968 | 06/11/2021 | VulD... | cvss2_vuldb_rc | C | derived from vuldb v3 vector | 06/11/2021 | accepted | 80 |
| 11332967 | 06/11/2021 | VulD... | cvss2_vuldb_ai | P | derived from vuldb v3 vector | 06/11/2021 | accepted | 80 |