Jerryscript CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (96 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2017-14749	1 Jerryscript	1 Jerryscript	2025-04-20	N/A
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data.
CVE-2017-9250	1 Jerryscript	1 Jerryscript	2025-04-20	7.5 High
The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
CVE-2023-30410	1 Jerryscript	1 Jerryscript	2025-02-05	5.5 Medium
Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c.
CVE-2023-30408	1 Jerryscript	1 Jerryscript	2025-02-05	5.5 Medium
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry.
CVE-2023-30406	1 Jerryscript	1 Jerryscript	2025-02-05	5.5 Medium
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.
CVE-2023-30414	1 Jerryscript	1 Jerryscript	2025-02-04	5.5 Medium
Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.
CVE-2023-31910	1 Jerryscript	1 Jerryscript	2025-01-28	7.8 High
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.
CVE-2023-31908	1 Jerryscript	1 Jerryscript	2025-01-28	7.8 High
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort.
CVE-2023-31907	1 Jerryscript	1 Jerryscript	2025-01-27	7.8 High
Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.
CVE-2023-31906	1 Jerryscript	1 Jerryscript	2025-01-27	7.8 High
Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c.
CVE-2023-31919	1 Jerryscript	1 Jerryscript	2025-01-24	5.5 Medium
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.
CVE-2023-31918	1 Jerryscript	1 Jerryscript	2025-01-24	5.5 Medium
Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.
CVE-2023-31914	1 Jerryscript	1 Jerryscript	2025-01-24	5.5 Medium
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.
CVE-2023-31913	1 Jerryscript	1 Jerryscript	2025-01-24	5.5 Medium
Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.
CVE-2023-31916	1 Jerryscript	1 Jerryscript	2025-01-24	5.5 Medium
Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c.
CVE-2023-31921	1 Jerryscript	1 Jerryscript	2025-01-24	5.5 Medium
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.
CVE-2023-31920	1 Jerryscript	1 Jerryscript	2025-01-24	5.5 Medium
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c.
CVE-2023-34867	1 Jerryscript	1 Jerryscript	2025-01-03	7.5 High
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.
CVE-2023-34868	1 Jerryscript	1 Jerryscript	2025-01-02	7.5 High
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.
CVE-2020-22597	2 Jerrscript-project, Jerryscript	2 Jerryscript, Jerryscript	2024-11-25	9.8 Critical
An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.

Page 1 of 5. next last »