Espruino
Products
1- 20 CVEs
Recent CVEs
20| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-19693 | Cri | 0.64 | 9.8 | 0.01 | Apr 4, 2023 | An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint. | ||
| CVE-2020-22884 | Cri | 0.64 | 9.8 | 0.03 | Jul 13, 2021 | Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code. | ||
| CVE-2022-25465 | Hig | 0.51 | 7.8 | 0.01 | Mar 5, 2022 | Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling. | ||
| CVE-2021-46325 | Hig | 0.51 | 7.8 | 0.01 | Jan 20, 2022 | Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf. | ||
| CVE-2021-46324 | Hig | 0.51 | 7.8 | 0.01 | Jan 20, 2022 | Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. | ||
| CVE-2018-20201 | Hig | 0.51 | 7.8 | 0.01 | Dec 18, 2018 | There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file. | ||
| CVE-2024-25201 | Hig | 0.49 | 7.5 | 0.01 | Feb 7, 2024 | Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c. | ||
| CVE-2024-25200 | Hig | 0.49 | 7.5 | 0.01 | Feb 7, 2024 | Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c. | ||
| CVE-2020-23257 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2023 | Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c. | ||
| CVE-2021-46323 | Med | 0.36 | 5.5 | 0.01 | Jan 20, 2022 | Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass. | ||
| CVE-2022-25044 | Hig | 0.00 | 7.8 | 0.01 | Mar 5, 2022 | Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString. | ||
| CVE-2018-11598 | Hig | 0.00 | 7.1 | 0.01 | May 31, 2018 | Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c. | ||
| CVE-2018-11597 | Med | 0.00 | 5.5 | 0.01 | May 31, 2018 | Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c. | ||
| CVE-2018-11596 | Med | 0.00 | 5.5 | 0.01 | May 31, 2018 | Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c. | ||
| CVE-2018-11595 | Hig | 0.00 | 7.8 | 0.01 | May 31, 2018 | Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused. | ||
| CVE-2018-11594 | Med | 0.00 | 5.5 | 0.01 | May 31, 2018 | Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c. | ||
| CVE-2018-11593 | Hig | 0.00 | 7.1 | 0.01 | May 31, 2018 | Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c. | ||
| CVE-2018-11592 | Med | 0.00 | 5.5 | 0.01 | May 31, 2018 | Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c. | ||
| CVE-2018-11591 | Med | 0.00 | 5.5 | 0.01 | May 31, 2018 | Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c. | ||
| CVE-2018-11590 | Med | 0.00 | 5.5 | 0.01 | May 31, 2018 | Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c. |
- risk 0.64cvss 9.8epss 0.01
An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.
- risk 0.64cvss 9.8epss 0.03
Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.01
Espruino 2v11 release was discovered to contain a stack buffer overflow via src/jsvar.c in jsvGetNextSibling.
- risk 0.51cvss 7.8epss 0.01
Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf.
- risk 0.51cvss 7.8epss 0.01
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
- risk 0.51cvss 7.8epss 0.01
There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file.
- risk 0.49cvss 7.5epss 0.01
Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.
- risk 0.49cvss 7.5epss 0.01
Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.
- risk 0.49cvss 7.5epss 0.01
Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.
- risk 0.36cvss 5.5epss 0.01
Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDeviceFromClass.
- risk 0.00cvss 7.8epss 0.01
Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromString.
- risk 0.00cvss 7.1epss 0.01
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.
- risk 0.00cvss 5.5epss 0.01
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '{' characters in jsparse.c.
- risk 0.00cvss 5.5epss 0.01
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.
- risk 0.00cvss 7.8epss 0.01
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused.
- risk 0.00cvss 5.5epss 0.01
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.
- risk 0.00cvss 7.1epss 0.01
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c.
- risk 0.00cvss 5.5epss 0.01
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.
- risk 0.00cvss 5.5epss 0.01
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c.
- risk 0.00cvss 5.5epss 0.01
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c.