CVE-2021-41959

Published: May 3, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.

Affected (1)

Products: Jerryscript: Jerryscript

Jerryscript

1 product

Jerryscript

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jerryscript Jerryscript	All versions

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (4)

https://github.com/jerryscript-project/jerryscript/issues/4781

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/jerryscript-project/jerryscript/pull/4787

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/jerryscript-project/jerryscript/issues/4781

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/jerryscript-project/jerryscript/pull/4787

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.