CVE-2020-13649

EPSS 0.4%
Veröffentlicht 28.05.2020 15:15:11
Zuletzt bearbeitet 21.11.2024 05:01:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jerryscript ≫ Jerryscript Version2.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.578

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24

Patch

Third Party Advisory

https://github.com/jerryscript-project/jerryscript/issues/3786

Third Party Advisory

https://github.com/jerryscript-project/jerryscript/issues/3788

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-13649

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-13649

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-13649

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-13649