Jsish
by Jsish
CVEs (39)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-65570 | 0.00 | — | 0.00 | Dec 29, 2025 | A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather than consuming it during OP_INSTANCEOF. As a result, OP_NEXT interprets the array as an iterator object and reads the iterCmd function pointer from an invalid structure, potentially causing a crash or enabling code execution depending on heap layout. | |||
| CVE-2024-24189 | 0.00 | — | 0.01 | Feb 7, 2024 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | |||
| CVE-2024-24186 | 0.00 | — | 0.01 | Feb 7, 2024 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | |||
| CVE-2024-24188 | 0.00 | — | 0.01 | Feb 7, 2024 | Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | |||
| CVE-2020-23260 | 0.00 | — | 0.00 | Apr 4, 2023 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. | |||
| CVE-2020-23258 | 0.00 | — | 0.00 | Apr 4, 2023 | An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. | |||
| CVE-2020-23259 | 0.00 | — | 0.00 | Apr 4, 2023 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. | |||
| CVE-2021-46507 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. | |||
| CVE-2021-46506 | 0.00 | — | 0.00 | Jan 27, 2022 | There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0. | |||
| CVE-2021-46505 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. | |||
| CVE-2021-46503 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-46504 | 0.00 | — | 0.00 | Jan 27, 2022 | There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0. | |||
| CVE-2021-46502 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-46501 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-46499 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-46500 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-46498 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-46497 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-46496 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). | |||
| CVE-2021-46494 | 0.00 | — | 0.00 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). |
- CVE-2025-65570Dec 29, 2025risk 0.00cvss —epss 0.00
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instructions implementation leaves an additional array reference on the stack rather than consuming it during OP_INSTANCEOF. As a result, OP_NEXT interprets the array as an iterator object and reads the iterCmd function pointer from an invalid structure, potentially causing a crash or enabling code execution depending on heap layout.
- CVE-2024-24189Feb 7, 2024risk 0.00cvss —epss 0.01
Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.
- CVE-2024-24186Feb 7, 2024risk 0.00cvss —epss 0.01
Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.
- CVE-2024-24188Feb 7, 2024risk 0.00cvss —epss 0.01
Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.
- CVE-2020-23260Apr 4, 2023risk 0.00cvss —epss 0.00
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.
- CVE-2020-23258Apr 4, 2023risk 0.00cvss —epss 0.00
An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.
- CVE-2020-23259Apr 4, 2023risk 0.00cvss —epss 0.00
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.
- CVE-2021-46507Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c.
- CVE-2021-46506Jan 27, 2022risk 0.00cvss —epss 0.00
There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0.
- CVE-2021-46505Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5.
- CVE-2021-46503Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46504Jan 27, 2022risk 0.00cvss —epss 0.00
There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0.
- CVE-2021-46502Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46501Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46499Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46500Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46498Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46497Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46496Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS).
- CVE-2021-46494Jan 27, 2022risk 0.00cvss —epss 0.00
Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS).
Page 1 of 2