Lucene search

MitreCVE-2018-1000655

HistoryAug 20, 2018 - 7:31 p.m.

CVE-2018-1000655

2018-08-2019:31:45

CWE-476

mitre

web.nvd.nist.gov

jsish

vulnerability

cwe-476

null pointer dereference

javascript

segmentation fault

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

52.1%

JSON

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2.4.67.

Affected configurations

Nvd

Node

jsishjsishMatch2.4.65

VendorProductVersionCPE
jsishjsish2.4.65cpe:2.3:a:jsish:jsish:2.4.65:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jsish	jsish	2.4.65	cpe:2.3:a:jsish:jsish:2.4.65:::::::*

References

jsish.org/fossil/jsi/tktview/3b8f95574f2c9dddf5ffea71e0086b2e6f6dd71e

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.002

Percentile

52.1%

JSON

Related for CVE-2018-1000655