CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Jerryscript » Jerryscript » 2.2.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:jerryscript:jerryscript:2.2.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2020-23323 787 Overflow 2021-06-10 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.
2 CVE-2020-23322 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0.
3 CVE-2020-23321 787 Overflow 2021-06-10 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.
4 CVE-2020-23320 617 2021-06-10 2021-06-15
5.0
None Remote Low Not required None None Partial
There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0.
5 CVE-2020-23319 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0.
6 CVE-2020-23314 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0.
7 CVE-2020-23313 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0
8 CVE-2020-23312 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.
9 CVE-2020-23311 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0.
10 CVE-2020-23310 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.
11 CVE-2020-23309 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0.
12 CVE-2020-23308 617 2021-06-10 2021-06-16
5.0
None Remote Low Not required None None Partial
There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0.
13 CVE-2020-23306 787 Overflow 2021-06-10 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.
14 CVE-2020-23303 787 Overflow 2021-06-10 2021-06-16
7.5
None Remote Low Not required Partial Partial Partial
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.
15 CVE-2020-23302 416 2021-06-10 2021-06-15
7.5
None Remote Low Not required Partial Partial Partial
There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0
16 CVE-2020-14163 119 Overflow 2020-06-15 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c.
17 CVE-2020-13991 2020-09-24 2020-09-30
5.0
None Remote Low Not required None None Partial
vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.
18 CVE-2020-13649 476 2020-05-28 2021-07-21
5.0
None Remote Low Not required None None Partial
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
19 CVE-2020-13623 400 DoS 2020-05-27 2020-05-27
5.0
None Remote Low Not required None None Partial
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.
20 CVE-2020-13622 617 DoS 2020-05-27 2020-05-27
5.0
None Remote Low Not required None None Partial
JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.
Total number of vulnerabilities : 20   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.