Bug 918550 (CVE-2023-36109, CVE-2023-36201, CVE-2023-38961)

Summary:	dev-lang/jerryscript: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	trivial	CC:	zmedico
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	~3 [upstream]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2023-11-25 19:26:32 UTC

CVE-2023-36109 (https://github.com/jerryscript-project/jerryscript/issues/5080):

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.

CVE-2023-38961 (https://github.com/jerryscript-project/jerryscript/issues/5092):

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.

CVE-2023-36201 (https://github.com/jerryscript-project/jerryscript/issues/5026):

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.

All seem unfixed.