CVE-2021-42863: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

May 12, 2022 (updated May 23, 2022)

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.

References

github.com/jerryscript-project/jerryscript/issues/4793
github.com/jerryscript-project/jerryscript/pull/4794
nvd.nist.gov/vuln/detail/CVE-2021-42863

Code Behaviors & Features

Detect and mitigate CVE-2021-42863 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →