Aggregates CVE and security vulnerability intelligence across all JerryScript-related products, including CVSS scores, EPSS percentages, and publication dates.
Historical issues mainly involve memory corruption, buffer overflows, and related problems; some flaws may lead to memory corruption and application crashes.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-31908 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. | [email protected] | 7.8 | 0.07% | 2023-05-10 | 2025-01-28 |
| CVE-2023-31907 | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. | [email protected] | 7.8 | 0.07% | 2023-05-10 | 2025-01-27 |
| CVE-2023-31906 | Jerryscript 3.0.0 (commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c. | [email protected] | 7.8 | 0.08% | 2023-05-10 | 2025-01-27 |
| CVE-2023-30414 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. | [email protected] | 5.5 | 0.05% | 2023-04-24 | 2025-02-04 |
| CVE-2023-30410 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. | [email protected] | 5.5 | 0.05% | 2023-04-24 | 2025-02-05 |
| CVE-2023-30408 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. | [email protected] | 5.5 | 0.04% | 2023-04-24 | 2025-02-05 |
| CVE-2023-30406 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. | [email protected] | 5.5 | 0.04% | 2023-04-24 | 2025-02-05 |
| CVE-2022-32117 | Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. | [email protected] | 7.8 | 0.05% | 2022-07-13 | 2024-11-21 |
| CVE-2021-41683 | There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0. | [email protected] | 7.8 | 0.26% | 2022-06-20 | 2024-11-21 |
| CVE-2021-41682 | There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0. | [email protected] | 7.8 | 0.26% | 2022-06-20 | 2024-11-21 |
| CVE-2021-42863 | A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. | [email protected] | 9.8 | 0.47% | 2022-05-12 | 2024-11-21 |
| CVE-2021-41959 | JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. | [email protected] | 7.5 | 0.27% | 2022-05-03 | 2024-11-21 |
| CVE-2021-43453 | A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657. | [email protected] | 9.8 | 0.37% | 2022-04-07 | 2024-11-21 |
| CVE-2021-41752 | Stack overflow vulnerability in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021 due to an unbounded recursive call to the new opt() function. | [email protected] | 9.8 | 0.37% | 2022-04-05 | 2024-11-21 |
| CVE-2021-41751 | Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021. | [email protected] | 9.8 | 0.46% | 2022-04-05 | 2024-11-21 |
| CVE-2022-22901 | There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at parser_parse_function_arguments in /js/js-parser.c of JerryScript commit a6ab5e9. | [email protected] | 5.5 | 0.21% | 2022-02-17 | 2024-11-21 |
| CVE-2021-44994 | There is an Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0. | [email protected] | 5.5 | 0.19% | 2022-01-25 | 2024-11-21 |
| CVE-2021-44993 | There is an Assertion 'ecma_is_value_boolean (base_value)' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0. | [email protected] | 5.5 | 0.16% | 2022-01-25 | 2024-11-21 |
| CVE-2021-44992 | There is an Assertion 'ecma_object_is_typedarray (obj_p)' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0. | [email protected] | 5.5 | 0.16% | 2022-01-25 | 2024-11-21 |
| CVE-2021-44988 | Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. | [email protected] | 7.8 | 0.26% | 2022-01-25 | 2024-11-21 |