905089 – (CVE-2023-30406, CVE-2023-30408, CVE-2023-30410, CVE-2023-30414, CVE-2023-31906, CVE-2023-31907, CVE-2023-31908, CVE-2023-31910, CVE-2023-31913, CVE-2023-31914, CVE-2023-31916, CVE-2023-31918, CVE-2023-31919, CVE-2023-31920, CVE-2023-31921, CVE-2023-34867, CVE-2023-34868) dev-lang/jerryscript: multiple vulnerabilities

Bug 905089 (CVE-2023-30406, CVE-2023-30408, CVE-2023-30410, CVE-2023-30414, CVE-2023-31906, CVE-2023-31907, CVE-2023-31908, CVE-2023-31910, CVE-2023-31913, CVE-2023-31914, CVE-2023-31916, CVE-2023-31918, CVE-2023-31919, CVE-2023-31920, CVE-2023-31921, CVE-2023-34867, CVE-2023-34868) - dev-lang/jerryscript: multiple vulnerabilities

Summary: dev-lang/jerryscript: multiple vulnerabilities

Status:	CONFIRMED

Alias:	CVE-2023-30406, CVE-2023-30408, CVE-2023-30410, CVE-2023-30414, CVE-2023-31906, CVE-2023-31907, CVE-2023-31908, CVE-2023-31910, CVE-2023-31913, CVE-2023-31914, CVE-2023-31916, CVE-2023-31918, CVE-2023-31919, CVE-2023-31920, CVE-2023-31921, CVE-2023-34867, CVE-2023-34868

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [upstream/ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2023-04-25 23:39 UTC by John Helmert III
Modified:	2023-06-15 05:10 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-04-25 23:39:37 UTC

CVE-2023-30406 (https://github.com/jerryscript-project/jerryscript/issues/5058):

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.

CVE-2023-30408 (https://github.com/jerryscript-project/jerryscript/issues/5057):

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry.

CVE-2023-30414 (https://github.com/jerryscript-project/jerryscript/issues/5051):

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.

CVE-2023-30410 (https://github.com/jerryscript-project/jerryscript/issues/5052):

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c.

Comment 1 John Helmert III archtester

2023-05-11 04:07:10 UTC

CVE-2023-31910 (https://github.com/jerryscript-project/jerryscript/issues/5076):

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.

CVE-2023-31906 (https://github.com/jerryscript-project/jerryscript/issues/5066):

Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c.

CVE-2023-31907 (https://github.com/jerryscript-project/jerryscript/issues/5073):

Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.

CVE-2023-31908 (https://github.com/jerryscript-project/jerryscript/issues/5067):

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort.

None of these issues have patches.

Comment 2 John Helmert III archtester

2023-05-27 20:11:58 UTC

CVE-2023-31913 (https://github.com/jerryscript-project/jerryscript/issues/5061):

Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.

CVE-2023-31914 (https://github.com/jerryscript-project/jerryscript/issues/5071):

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.

CVE-2023-31916 (https://github.com/jerryscript-project/jerryscript/issues/5062):

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c.

CVE-2023-31921 (https://github.com/jerryscript-project/jerryscript/issues/5068):

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.

CVE-2023-31918 (https://github.com/jerryscript-project/jerryscript/issues/5064):

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.

CVE-2023-31919 (https://github.com/jerryscript-project/jerryscript/issues/5069):

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.

CVE-2023-31920 (https://github.com/jerryscript-project/jerryscript/issues/5070):

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c.

All of these untouched by upstream.

Comment 3 John Helmert III archtester

2023-06-15 05:10:26 UTC

CVE-2023-34867 (https://github.com/jerryscript-project/jerryscript/issues/5084):

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.

CVE-2023-34868 (https://github.com/jerryscript-project/jerryscript/issues/5083):

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.