Candidate: CVE-2018-11418
PublicDate: 2018-05-24 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11418
 https://github.com/jerryscript-project/jerryscript/issues/2237
 https://github.com/jerryscript-project/jerryscript/pull/2352
Description:
 An issue was discovered in JerryScript 1.0. There is a heap-based buffer
 over-read in the lit_read_code_unit_from_utf8 function via a
 RegExp("[\\u0020") payload, related to re_parse_char_class in
 parser/regexp/re-parser.c.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_iotjs:
 upstream: https://github.com/jerryscript-project/jerryscript/pull/2352/commits/7c3f2bc8c7ed0c28a1ea097d7177363f8998a566
upstream_iotjs: released (1.0+715-1)
precise/esm_iotjs: DNE
trusty_iotjs: ignored (out of standard support)
trusty/esm_iotjs: DNE
xenial_iotjs: DNE
bionic_iotjs: needed
focal_iotjs: DNE
groovy_iotjs: ignored (reached end-of-life)
hirsute_iotjs: ignored (reached end-of-life)
impish_iotjs: needed
jammy_iotjs: needed
devel_iotjs: needed