CVE-2021-41751

EPSS 0.44%
Veröffentlicht 05.04.2022 16:15:12
Zuletzt bearbeitet 21.11.2024 06:26:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jerryscript ≫ Jerryscript Version < 2021-10-20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.623

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://github.com/jerryscript-project/jerryscript/pull/4797

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-41751

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41751

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41751

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-41751