CVE
CVE-2018-11593
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing b...
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.1
-
3.0
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
C
H
U
7.1
-
3.0
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
C
H
U
-
Related Resources
No items found.
References
https://github.com/espruino/Espruino/commit/bed844f109b6c222816740555068de2e101e8018, https://github.com/espruino/Espruino/files/2019228/eh0.txt, https://github.com/espruino/Espruino/issues/1426, https://github.com/espruino/Espruino/issues/1426, https://github.com/espruino/Espruino/commit/bed844f109b6c222816740555068de2e101e8018, https://github.com/espruino/Espruino/files/2019228/eh0.txt
Basic Information
Ecosystem
