Heap-based Buffer Over-read in JerryScript 1.0 via RegExp Payload

CVE-2018-11419 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.

Learn more about our Web Application Penetration Testing UK.