Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 795312 (CVE-2021-26194, CVE-2021-26195, CVE-2021-26197, CVE-2021-26198, CVE-2021-26199, CVE-2021-41682, CVE-2021-41683, CVE-2021-41751, CVE-2021-41752, CVE-2021-41959, CVE-2021-42863, CVE-2021-43453, CVE-2021-44988, CVE-2021-44992, CVE-2021-44993, CVE-2021-44994, CVE-2021-46170, CVE-2021-46336, CVE-2021-46337, CVE-2021-46338, CVE-2021-46339, CVE-2021-46340, CVE-2021-46342, CVE-2021-46343, CVE-2021-46344, CVE-2021-46345, CVE-2021-46346, CVE-2021-46347, CVE-2021-46348, CVE-2021-46349, CVE-2021-46350, CVE-2021-46351, CVE-2022-22888, CVE-2022-22890, CVE-2022-22891, CVE-2022-22892, CVE-2022-22893, CVE-2022-22894, CVE-2022-22895, CVE-2022-22901) - dev-lang/jerryscript: multiple vulnerabilities
Summary: dev-lang/jerryscript: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-26194, CVE-2021-26195, CVE-2021-26197, CVE-2021-26198, CVE-2021-26199, CVE-2021-41682, CVE-2021-41683, CVE-2021-41751, CVE-2021-41752, CVE-2021-41959, CVE-2021-42863, CVE-2021-43453, CVE-2021-44988, CVE-2021-44992, CVE-2021-44993, CVE-2021-44994, CVE-2021-46170, CVE-2021-46336, CVE-2021-46337, CVE-2021-46338, CVE-2021-46339, CVE-2021-46340, CVE-2021-46342, CVE-2021-46343, CVE-2021-46344, CVE-2021-46345, CVE-2021-46346, CVE-2021-46347, CVE-2021-46348, CVE-2021-46349, CVE-2021-46350, CVE-2021-46351, CVE-2022-22888, CVE-2022-22890, CVE-2022-22891, CVE-2022-22892, CVE-2022-22893, CVE-2022-22894, CVE-2022-22895, CVE-2022-22901
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [upstream/ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-11 02:02 UTC by Sam James
Modified: 2022-07-03 01:55 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-11 02:02:39 UTC
* CVE-2021-26199

Description:
"An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file."

https://github.com/jerryscript-project/jerryscript/issues/4056

* CVE-2021-26198

Description:
"An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file."

https://github.com/jerryscript-project/jerryscript/issues/4402

* CVE-2021-26197

Description:
"An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file."

https://github.com/jerryscript-project/jerryscript/issues/4403

* CVE-2021-26195

Description:
"An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file."

https://github.com/jerryscript-project/jerryscript/issues/4442

* CVE-2021-26194

Description:
"An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file."

https://github.com/jerryscript-project/jerryscript/issues/4445
Comment 1 NATTkA bot gentoo-dev 2021-07-29 17:21:48 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-07-29 17:29:58 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-07-29 17:37:56 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-07-29 17:46:02 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-07-29 18:01:59 UTC Comment hidden (obsolete)
Comment 6 NATTkA bot gentoo-dev 2021-07-29 18:10:18 UTC
Package list is empty or all packages have requested keywords.
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-15 08:23:27 UTC
CVE-2021-46170 (https://github.com/jerryscript-project/jerryscript/issues/4917):

An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file.

Apparently fixed here: https://github.com/jerryscript-project/jerryscript/commit/f3a420b672927037beb4508d7bdd68fb25d2caf6
Comment 8 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-21 01:54:57 UTC
CVE-2022-22891 (https://github.com/jerryscript-project/jerryscript/issues/4871):

Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.

CVE-2022-22892 (https://github.com/jerryscript-project/jerryscript/issues/4872):

There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0.

CVE-2022-22893 (https://github.com/jerryscript-project/jerryscript/issues/4901):

Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.

CVE-2022-22894 (https://github.com/jerryscript-project/jerryscript/issues/4890):

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.

CVE-2022-22895 (https://github.com/jerryscript-project/jerryscript/issues/4850):

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.

CVE-2022-22888 (https://github.com/jerryscript-project/jerryscript/issues/4848):

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.

CVE-2022-22890 (https://github.com/jerryscript-project/jerryscript/issues/4847):

There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.

CVE-2021-46346 (https://github.com/jerryscript-project/jerryscript/issues/4939):

There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.

CVE-2021-46347 (https://github.com/jerryscript-project/jerryscript/issues/4938):

There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.

CVE-2021-46348 (https://github.com/jerryscript-project/jerryscript/issues/4941):

There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0.

CVE-2021-46349 (https://github.com/jerryscript-project/jerryscript/issues/4937):

There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.

CVE-2021-46350 (https://github.com/jerryscript-project/jerryscript/issues/4936):

There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in JerryScript 3.0.0.

CVE-2021-46351 (https://github.com/jerryscript-project/jerryscript/issues/4940):

There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.

CVE-2021-46336 (https://github.com/jerryscript-project/jerryscript/issues/4927):

There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /parser/js/js-parser-expr.c(parser_parse_class_body) in JerryScript 3.0.0.

CVE-2021-46337 (https://github.com/jerryscript-project/jerryscript/issues/4930):

There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser-mem.c(parser_list_get) in JerryScript 3.0.0.

CVE-2021-46338 (https://github.com/jerryscript-project/jerryscript/issues/4900):

There is an Assertion 'ecma_is_lexical_environment (object_p)' failed at /base/ecma-helpers.c(ecma_get_lex_env_type) in JerryScript 3.0.0.

CVE-2021-46339 (https://github.com/jerryscript-project/jerryscript/issues/4935):

There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at /base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8) in JerryScript 3.0.0.

CVE-2021-46340 (https://github.com/jerryscript-project/jerryscript/issues/4924):

There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0.

CVE-2021-46342 (https://github.com/jerryscript-project/jerryscript/issues/4934):

There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op_object_is_fast_array (obj_p)' failed at /jerry-core/ecma/base/ecma-helpers.c in JerryScript 3.0.0.

CVE-2021-46343 (https://github.com/jerryscript-project/jerryscript/issues/4921):

There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.

CVE-2021-46344 (https://github.com/jerryscript-project/jerryscript/issues/4928):

There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0.

CVE-2021-46345 (https://github.com/jerryscript-project/jerryscript/issues/4920):

There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry-core/lit/lit-strings.c in JerryScript 3.0.0.
Comment 9 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-25 15:54:20 UTC
CVE-2021-44988 (https://github.com/jerryscript-project/jerryscript/issues/4890):

Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.
Comment 10 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-25 15:58:25 UTC
CVE-2021-44992 (https://github.com/jerryscript-project/jerryscript/issues/4875):

There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.

CVE-2021-44993 (https://github.com/jerryscript-project/jerryscript/issues/4876):

There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0.

CVE-2021-44994 (https://github.com/jerryscript-project/jerryscript/issues/4894):

There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0'' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0.
Comment 11 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-02-17 21:10:19 UTC
CVE-2022-22901 (https://github.com/jerryscript-project/jerryscript/issues/4916):

There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9.
Comment 12 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-04-09 17:30:55 UTC
CVE-2021-43453 (https://github.com/jerryscript-project/jerryscript/issues/4754):

A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.

CVE-2021-41751 (https://github.com/jerryscript-project/jerryscript/pull/4797):

Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.

CVE-2021-41752 (https://github.com/jerryscript-project/jerryscript/issues/4779):

Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function.
Comment 13 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-04 02:09:54 UTC
CVE-2021-41959 (https://github.com/jerryscript-project/jerryscript/issues/4781):
https://github.com/jerryscript-project/jerryscript/pull/4787

JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.
Comment 14 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-13 17:24:36 UTC
CVE-2021-42863 (https://github.com/jerryscript-project/jerryscript/pull/4794):
https://github.com/jerryscript-project/jerryscript/issues/4793

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.
Comment 15 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-03 01:55:50 UTC
CVE-2021-41682 (https://github.com/jerryscript-project/jerryscript/issues/4747):

There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0

CVE-2021-41683 (https://github.com/jerryscript-project/jerryscript/issues/4745):

There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0

The first has a patch linked at the issue, the second was closed as completed without comment.