The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jerryscript jerryscript 1.0 |