Denial of Service Vulnerability in JerryScript 1.0

Denial of Service Vulnerability in JerryScript 1.0

CVE-2017-9250 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.

Learn more about our Web Application Penetration Testing UK.