SB2017052801 - Multiple vulnerabilities in JerryScript
Published: May 28, 2017 Updated: January 22, 2021
Description
This security bulletin contains information about 6 security vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2018-1000636)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions; the victim must execute specially crafted JavaScript code. This vulnerability appears to have been fixed after commit 87897849f6879df10e8ad68a41bf8cf507edf710.
2) Out-of-bounds read (CVE-ID: CVE-2018-11418)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c. A remote attacker can perform a denial of service attack.
3) Out-of-bounds read (CVE-ID: CVE-2018-11419)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c. A remote attacker can perform a denial of service attack.
4) Out-of-bounds read (CVE-ID: CVE-2017-18212)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[x0"); payload. A remote attacker can perform a denial of service attack.
5) Buffer overflow (CVE-ID: CVE-2017-14749)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized characters cause incorrect 0x00 characters in bytecode.literal data.
6) NULL pointer dereference (CVE-ID: CVE-2017-9250)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via malformed JavaScript source code, related to the jmem_heap_free_block function.
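The over-reads in entries 2 to 4 share one bug class: a character-class scanner keeps reading after the pattern buffer has ended. The sketch below is an added example, not JerryScript code; scan_char_class, read_hex_checked and scan_cstr are hypothetical names, and the inputs in main() are the pattern strings quoted above, taken as literal bytes. Every read is checked against the end of the buffer, so a truncated escape or an unterminated class becomes a syntax error.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read exactly `digits` hex characters from [p, end).
 * Returns -1 if fewer bytes remain (truncated escape) or a byte is not hex. */
static int read_hex_checked(const uint8_t *p, const uint8_t *end,
                            size_t digits, uint16_t *out)
{
    if ((size_t)(end - p) < digits) return -1;   /* bounds check first */
    uint16_t v = 0;
    for (size_t i = 0; i < digits; i++) {
        uint8_t c = p[i], lc = (uint8_t)(c | 0x20), d;
        if (c >= '0' && c <= '9') d = (uint8_t)(c - '0');
        else if (lc >= 'a' && lc <= 'f') d = (uint8_t)(lc - 'a' + 10);
        else return -1;
        v = (uint16_t)((v << 4) | d);
    }
    *out = v;
    return 0;
}

/* Scan a character class "[...]". Returns 0 when the closing ']' is found,
 * -1 on a bad escape or when input ends first. Never reads at or past end. */
int scan_char_class(const uint8_t *src, size_t len)
{
    const uint8_t *p = src, *end = src + len;
    if (p == end || *p++ != '[') return -1;
    while (p < end) {
        uint8_t c = *p++;
        if (c == ']') return 0;
        if (c != '\\') continue;
        if (p == end) return -1;                 /* lone trailing backslash */
        uint8_t e = *p++;
        if (e == 'u' || e == 'x') {
            size_t digits = (e == 'u') ? 4 : 2;
            uint16_t code_unit;
            if (read_hex_checked(p, end, digits, &code_unit) != 0) return -1;
            p += digits;
        }
    }
    return -1;                                   /* unterminated class */
}

/* Convenience wrapper for NUL-terminated test strings. */
int scan_cstr(const char *s) { return scan_char_class((const uint8_t *)s, strlen(s)); }

int main(void)
{   /* constructed inputs: the three payload patterns must all be rejected */
    return (scan_cstr("[\\u0020") == -1 && scan_cstr("[\\u0") == -1 &&
            scan_cstr("[x0") == -1 && scan_cstr("[\\u0020]") == 0) ? 0 : 1;
}
```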
Remediation
Install update from vendor's website.
References
- https://github.com/jerryscript-project/jerryscript/issues/2435
- https://github.com/jerryscript-project/jerryscript/issues/2237
- https://github.com/jerryscript-project/jerryscript/issues/2230
- https://github.com/jerryscript-project/jerryscript/issues/2140
- https://github.com/jerryscript-project/jerryscript/issues/2008
- http://www.securitytracker.com/id/1038413
- https://github.com/jerryscript-project/jerryscript/commit/e58f2880df608652aff7fd35c45b242467ec0e79
- https://github.com/jerryscript-project/jerryscript/issues/1821
- https://github.com/zherczeg/jerryscript/commit/03a8c630f015f63268639d3ed3bf82cff6fa77d8