5.5
CVE-2018-11597
- EPSS 0.81%
- Veröffentlicht 31.05.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:43:41
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginEspruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.81% | 0.521 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
https://github.com/espruino/Espruino/commit/51380baf17241728b6d48cdb84140b931e3e3cc5
https://github.com/espruino/Espruino/issues/1448