Source: iotjs
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for iotjs.

CVE-2021-41682[0]:
| There is a heap-use-after-free at ecma-helpers-string.c:1940 in
| ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0

https://github.com/jerryscript-project/jerryscript/issues/4747
https://github.com/jerryscript-project/jerryscript/commit/3ad76f932c8d2e3b9ba2d95e64848698ec7d7290

CVE-2021-41683[1]:
| There is a stack-overflow at ecma-helpers.c:326 in
| ecma_get_lex_env_type in JerryScript 2.4.0

https://github.com/jerryscript-project/jerryscript/issues/4745

CVE-2021-41751[2]:
| Buffer overflow vulnerability in file ecma-builtin-array-
| prototype.c:909 in function ecma_builtin_array_prototype_object_slice
| in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2
| on Oct 20, 2021.

https://github.com/jerryscript-project/jerryscript/pull/4797
https://github.com/jerryscript-project/jerryscript/commit/4912e3b739f4d00e51a46d883b020d2208be28a2

CVE-2021-41959[3]:
| JerryScript Git version 14ff5bf does not sufficiently track and
| release allocated memory via jerry-core/ecma/operations/ecma-regexp-
| object.c after RegExp, which causes a memory leak.

https://github.com/jerryscript-project/jerryscript/issues/4781
https://github.com/jerryscript-project/jerryscript/pull/4166
https://github.com/jerryscript-project/jerryscript/pull/4787

CVE-2021-42863[4]:
| A buffer overflow in ecma_builtin_typedarray_prototype_filter() in
| JerryScript version fe3a5c0 allows an attacker to construct a fake
| object or a fake arraybuffer with unlimited size.

https://github.com/jerryscript-project/jerryscript/issues/4793
https://github.com/jerryscript-project/jerryscript/pull/4794
https://github.com/jerryscript-project/jerryscript/commit/4e8d6344a8b5cf8f00bd3d5e869147af06d0189e

CVE-2021-43453[5]:
| A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0
| and prior versions via an out-of-bounds read in
| parser_parse_for_statement_start in the js-parser-statm.c file. This
| issue is similar to CVE-2020-29657.

https://github.com/jerryscript-project/jerryscript/pull/4808
https://github.com/jerryscript-project/jerryscript/issues/4754
Fixed by: https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f

CVE-2021-46170[6]:
| An issue was discovered in JerryScript commit a6ab5e9. There is an
| Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c
| file.

https://github.com/jerryscript-project/jerryscript/issues/4917
https://github.com/jerryscript-project/jerryscript/pull/4942/commits/5e1fdd1d1e75105b43392b4bb3996099cdc50f3d

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-41682
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41682
[1] https://security-tracker.debian.org/tracker/CVE-2021-41683
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41683
[2] https://security-tracker.debian.org/tracker/CVE-2021-41751
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41751
[3] https://security-tracker.debian.org/tracker/CVE-2021-41959
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41959
[4] https://security-tracker.debian.org/tracker/CVE-2021-42863
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42863
[5] https://security-tracker.debian.org/tracker/CVE-2021-43453
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43453
[6] https://security-tracker.debian.org/tracker/CVE-2021-46170
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46170

Please adjust the affected versions in the BTS as needed.