JerryScript 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption and バッファオーバーフロー があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact memory corruption and アプリケーションクラッシュ などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-33260 | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c | [email protected] | 5.1 | 0.22% | 2024-04-26 | 2025-09-22 |
| CVE-2024-33259 | Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c. | [email protected] | 5.5 | 0.27% | 2024-04-26 | 2025-09-22 |
| CVE-2024-33258 | Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c. | [email protected] | 7.1 | 0.30% | 2024-04-26 | 2025-09-22 |
| CVE-2024-33255 | Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list. | [email protected] | 6.2 | 0.27% | 2024-04-26 | 2025-09-22 |
| CVE-2024-29489 | Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type. | [email protected] | 5.5 | 0.34% | 2024-03-28 | 2025-09-22 |
| CVE-2023-36109 | Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. | [email protected] | 9.8 | 1.98% | 2023-09-20 | 2024-11-21 |
| CVE-2023-38961 | Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. | [email protected] | 9.8 | 1.20% | 2023-08-21 | 2024-11-21 |
| CVE-2020-24187 | An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). | [email protected] | 5.5 | 0.30% | 2023-08-11 | 2024-11-21 |
| CVE-2023-36201 | An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. | [email protected] | 7.5 | 0.51% | 2023-07-07 | 2024-11-21 |
| CVE-2020-22597 | An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. | [email protected] | 9.8 | 1.09% | 2023-07-03 | 2024-11-21 |
| CVE-2023-34868 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. | [email protected] | 7.5 | 0.73% | 2023-06-14 | 2025-01-02 |
| CVE-2023-34867 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. | [email protected] | 7.5 | 0.73% | 2023-06-14 | 2025-01-03 |
| CVE-2023-31921 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | [email protected] | 5.5 | 0.30% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31920 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | [email protected] | 5.5 | 0.33% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31919 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. | [email protected] | 5.5 | 0.33% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31918 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | [email protected] | 5.5 | 0.33% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31916 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | [email protected] | 5.5 | 0.33% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31914 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. | [email protected] | 5.5 | 0.33% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31913 | Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | [email protected] | 5.5 | 0.33% | 2023-05-12 | 2025-01-24 |
| CVE-2023-31910 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. | [email protected] | 7.8 | 0.33% | 2023-05-10 | 2025-01-28 |