** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option.
References
Link | Resource |
---|---|
https://github.com/jerryscript-project/jerryscript/issues/3977 | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
Information
Published : 2020-08-13 12:15
Updated : 2020-08-14 06:56
NVD link : CVE-2020-24345
Mitre link : CVE-2020-24345
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
jerryscript
- jerryscript