7.8

CVE-2018-11595

Exploit
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EspruinoEspruino Version < 1.99
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.3% 0.666
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://github.com/espruino/Espruino/commit/0a7619875bf79877907205f6bee08465b89ff10b
Patch
Vendor Advisory
https://github.com/espruino/Espruino/files/2019210/test_0.txt
Vendor Advisory
Exploit
https://github.com/espruino/Espruino/files/2019216/test_2.txt
Vendor Advisory
Exploit
https://github.com/espruino/Espruino/files/2019220/test_4.txt
Vendor Advisory
Exploit
https://github.com/espruino/Espruino/issues/1425
Vendor Advisory
Issue Tracking