Heap-based Buffer Over-read in JerryScript 1.0 via RegExp Payload

Heap-based Buffer Over-read in JerryScript 1.0 via RegExp Payload

CVE-2017-18212 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\x0"); payload.

Learn more about our Web Application Penetration Testing UK.