CVE-2017-9250

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:jerryscript:jerryscript:1.0:-:*:*:*:*:*:*

Information

Published : 2017-05-28 13:29

Updated : 2020-10-28 12:42


NVD link : CVE-2017-9250

Mitre link : CVE-2017-9250


JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa

Products Affected

jerryscript

  • jerryscript