Main Vulnerability Database Vulnerabilities #VU49927

Buffer overflow in JerryScript - CVE-2019-1010176

Published: July 25, 2019 / Updated: January 22, 2021

Vulnerability identifier: #VU49927

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-1010176

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: JerryScript

Affected software:
JerryScript

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the lit_char_to_utf8_bytes() function in jerry-core/lit/lit-char-helpers.c. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2019-1010176

Install updates from vendor's website.

Sources

https://github.com/jerryscript-project/jerryscript/issues/2476

Buffer overflow in JerryScript - CVE-2019-1010176

Detailed vulnerability description

How to mitigate CVE-2019-1010176

Sources

Please verify you're human