Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jerryscript Subscribe
Total 71 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-32117 1 Jerryscript 1 Jerryscript 2022-07-20 N/A 7.8 HIGH
Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c.
CVE-2021-41683 1 Jerryscript 1 Jerryscript 2022-06-28 6.8 MEDIUM 7.8 HIGH
There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0
CVE-2021-41682 1 Jerryscript 1 Jerryscript 2022-06-28 6.8 MEDIUM 7.8 HIGH
There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0
CVE-2021-42863 1 Jerryscript 1 Jerryscript 2022-05-23 7.5 HIGH 9.8 CRITICAL
A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.
CVE-2021-41959 1 Jerryscript 1 Jerryscript 2022-05-10 5.0 MEDIUM 7.5 HIGH
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.
CVE-2021-41751 1 Jerryscript 1 Jerryscript 2022-04-14 7.5 HIGH 9.8 CRITICAL
Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.
CVE-2021-41752 1 Jerryscript 1 Jerryscript 2022-04-14 7.5 HIGH 9.8 CRITICAL
Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.
CVE-2021-43453 1 Jerryscript 1 Jerryscript 2022-04-14 7.5 HIGH 9.8 CRITICAL
A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.
CVE-2022-22901 1 Jerryscript 1 Jerryscript 2022-02-24 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.
CVE-2021-44988 1 Jerryscript 1 Jerryscript 2022-01-27 6.8 MEDIUM 7.8 HIGH
Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.
CVE-2021-44992 1 Jerryscript 1 Jerryscript 2022-01-27 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.
CVE-2021-44993 1 Jerryscript 1 Jerryscript 2022-01-27 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0.
CVE-2021-44994 1 Jerryscript 1 Jerryscript 2022-01-27 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0.
CVE-2022-22895 1 Jerryscript 1 Jerryscript 2022-01-26 6.8 MEDIUM 7.8 HIGH
Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.
CVE-2022-22894 1 Jerryscript 1 Jerryscript 2022-01-26 6.8 MEDIUM 7.8 HIGH
Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.
CVE-2022-22893 1 Jerryscript 1 Jerryscript 2022-01-26 6.8 MEDIUM 7.8 HIGH
Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.
CVE-2022-22892 1 Jerryscript 1 Jerryscript 2022-01-26 4.3 MEDIUM 5.5 MEDIUM
There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0.
CVE-2022-22891 1 Jerryscript 1 Jerryscript 2022-01-26 4.3 MEDIUM 5.5 MEDIUM
Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.
CVE-2022-22890 1 Jerryscript 1 Jerryscript 2022-01-26 5.0 MEDIUM 5.5 MEDIUM
There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.
CVE-2022-22888 1 Jerryscript 1 Jerryscript 2022-01-26 6.8 MEDIUM 7.8 HIGH
Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.