CVE-2023-36109: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

September 20, 2023 (updated September 22, 2023)

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.

References

github.com/Limesss/CVE-2023-36109/tree/main
github.com/jerryscript-project/jerryscript/issues/5080
nvd.nist.gov/vuln/detail/CVE-2023-36109

Detect and mitigate CVE-2023-36109 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →