Moddable SDK
by Moddable
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25462 | Cri | 0.64 | 9.8 | 0.02 | Dec 4, 2020 | Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903. | ||
| CVE-2019-16366 | Cri | 0.64 | 9.8 | 0.01 | Sep 16, 2019 | In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. | ||
| CVE-2020-25465 | Hig | 0.49 | 7.5 | 0.02 | Dec 4, 2020 | Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||
| CVE-2020-25461 | Hig | 0.49 | 7.5 | 0.01 | Dec 4, 2020 | Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||
| CVE-2021-46330 | Med | 0.36 | 5.5 | 0.01 | Jan 20, 2022 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in fx_ArrayBuffer_prototype_concat. | ||
| CVE-2021-46327 | Med | 0.36 | 5.5 | 0.01 | Jan 20, 2022 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in fx_Array_prototype_sort. |
- risk 0.64cvss 9.8epss 0.02
Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.
- risk 0.64cvss 9.8epss 0.01
In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.
- risk 0.49cvss 7.5epss 0.02
Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).
- risk 0.49cvss 7.5epss 0.01
Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV).
- risk 0.36cvss 5.5epss 0.01
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in fx_ArrayBuffer_prototype_concat.
- risk 0.36cvss 5.5epss 0.01
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in fx_Array_prototype_sort.