CVE-2019-16366

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.
References
Link Resource
https://github.com/Moddable-OpenSource/moddable/issues/235 Exploit Issue Tracking Third Party Advisory
https://github.com/Moddable-OpenSource/moddable/issues/235 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moddable:moddable:os180329:*:*:*:*:*:*:*
cpe:2.3:a:moddable:xs:9.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:30

Type Values Removed Values Added
References () https://github.com/Moddable-OpenSource/moddable/issues/235 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/Moddable-OpenSource/moddable/issues/235 - Exploit, Issue Tracking, Third Party Advisory

15 Jul 2021, 19:59

Type Values Removed Values Added
CPE cpe:2.3:a:moddable:moddable:180329:*:*:*:*:*:*:* cpe:2.3:a:moddable:moddable:os180329:*:*:*:*:*:*:*

Information

Published : 2019-09-16 17:15

Updated : 2024-11-21 04:30


NVD link : CVE-2019-16366

Mitre link : CVE-2019-16366

CVE.ORG link : CVE-2019-16366


JSON object : View

Products Affected

moddable

  • moddable
  • xs
CWE
CWE-787

Out-of-bounds Write