First published: Thu May 31 2018
Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user-crafted input file via a buffer overflow during syntax parsing, because jsparse.c is missing a check for stack exhaustion when the input contains many '{' characters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Espruino Espruino | <1.99 |
CVE-2018-11597 is a vulnerability in Espruino before version 1.99 that allows attackers to cause a denial of service by crashing the application with a user-crafted input file.
CVE-2018-11597 works by exploiting a buffer overflow during syntax parsing in Espruino, due to a missing check for stack exhaustion with many '{' characters in the jsparse.c file.
CVE-2018-11597 has a severity rating of medium with a CVSS score of 5.5.
Espruino versions up to but excluding 1.99 are affected by CVE-2018-11597.
The issue has been addressed in Espruino version 1.99 and later.
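The missing check described above, shown as an added example: a minimal recursive-descent block parser that refuses to recurse past a fixed nesting depth. This is not Espruino's jsparse.c code; the names `parse_block`, `check_source`, `check_nested` and the limit `MAX_BLOCK_DEPTH` are assumptions made for illustration, and the inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BLOCK_DEPTH 64 /* assumed limit for this sketch, not Espruino's value */
enum parse_status { PARSE_OK, PARSE_UNBALANCED, PARSE_TOO_DEEP, PARSE_NO_MEMORY };
struct parser { const char *src; size_t len, pos; unsigned depth; };

/* Consume input up to the '}' closing the current block; each '{' recurses,
 * so without the depth check the C stack grows with input-controlled nesting. */
static enum parse_status parse_block(struct parser *p) {
    while (p->pos < p->len) {
        char c = p->src[p->pos++];
        if (c == '}') return p->depth ? PARSE_OK : PARSE_UNBALANCED;
        if (c != '{') continue;
        if (p->depth >= MAX_BLOCK_DEPTH) /* the guard: reject before recursing */
            return PARSE_TOO_DEEP;
        p->depth++;
        enum parse_status st = parse_block(p);
        p->depth--;
        if (st != PARSE_OK) return st;
    }
    return p->depth ? PARSE_UNBALANCED : PARSE_OK;
}

enum parse_status check_source(const char *src, size_t len) {
    struct parser p = { src, len, 0, 0 };
    return parse_block(&p);
}

/* Constructed input: `opens` '{' characters followed by `closes` '}'. */
enum parse_status check_nested(size_t opens, size_t closes) {
    char *buf = malloc(opens + closes + 1);
    if (!buf) return PARSE_NO_MEMORY;
    memset(buf, '{', opens);
    memset(buf + opens, '}', closes);
    enum parse_status st = check_source(buf, opens + closes);
    free(buf);
    return st;
}

int main(void) {
    printf("%d %d\n", (int)check_nested(64, 64), (int)check_nested(1000000, 0));
    return 0;
}
```

With the guard in place, a file of a million '{' characters is rejected with a parse error after 64 stack frames instead of exhausting the stack.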