Main Vulnerability Database Vulnerabilities #VU36772

NULL pointer dereference in JerryScript - CVE-2018-1000636

Published: August 20, 2018 / Updated: January 22, 2021

Vulnerability identifier: #VU36772

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-1000636

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: JerryScript

Affected software:
JerryScript

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710.

How to mitigate CVE-2018-1000636

Install update from vendor's website.

Sources

https://github.com/jerryscript-project/jerryscript/issues/2435

NULL pointer dereference in JerryScript - CVE-2018-1000636

Detailed vulnerability description

How to mitigate CVE-2018-1000636

Sources

Please verify you're human