Summary: | dev-lang/jerryscript: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | trivial | CC: | zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~4 [upstream/ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2023-04-25 23:39:37 UTC
CVE-2023-31910 (https://github.com/jerryscript-project/jerryscript/issues/5076): Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. CVE-2023-31906 (https://github.com/jerryscript-project/jerryscript/issues/5066): Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c. CVE-2023-31907 (https://github.com/jerryscript-project/jerryscript/issues/5073): Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. CVE-2023-31908 (https://github.com/jerryscript-project/jerryscript/issues/5067): Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. None of these issues have patches. CVE-2023-31913 (https://github.com/jerryscript-project/jerryscript/issues/5061): Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. CVE-2023-31914 (https://github.com/jerryscript-project/jerryscript/issues/5071): Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. CVE-2023-31916 (https://github.com/jerryscript-project/jerryscript/issues/5062): Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. CVE-2023-31921 (https://github.com/jerryscript-project/jerryscript/issues/5068): Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. CVE-2023-31918 (https://github.com/jerryscript-project/jerryscript/issues/5064): Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. CVE-2023-31919 (https://github.com/jerryscript-project/jerryscript/issues/5069): Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. CVE-2023-31920 (https://github.com/jerryscript-project/jerryscript/issues/5070): Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. All of these untouched by upstream. CVE-2023-34867 (https://github.com/jerryscript-project/jerryscript/issues/5084): Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. CVE-2023-34868 (https://github.com/jerryscript-project/jerryscript/issues/5083): Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. |