Moddable-OpenSource/moddable

GitHub

github.com

www.moddable.com

Releases102

Frequency4 weeks 1 day

Last Release 10 days ago

Stars1.54K

Tools for developers to create truly open IoT products using standard JavaScript on low cost microcontrollers.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-29368 ↗	May 12, 2022Thursday, 12 May 2022, 19:15	7.1 HIGH	5.8 MEDIUM
Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c.
CVE-2021-46326 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	7.8 HIGH	6.8 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __asan_memcpy.
CVE-2021-46335 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	5.5 MEDIUM	4.3 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component fx_Function_prototype_hasInstance.
CVE-2021-46334 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	7.8 HIGH	6.8 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow via the component __interceptor_strcat.
CVE-2021-46333 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	5.5 MEDIUM	4.3 MEDIUM
Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove.
CVE-2021-46332 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	7.8 HIGH	6.8 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via xs/sources/xsDataView.c in fxUint8Getter.
CVE-2021-46331 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	5.5 MEDIUM	4.3 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in fxProxyGetPrototype.
CVE-2021-46330 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	5.5 MEDIUM	4.3 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in fx_ArrayBuffer_prototype_concat.
CVE-2021-46329 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	5.5 MEDIUM	4.3 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via the component _fini.
CVE-2021-46328 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	7.8 HIGH	6.8 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __libc_start_main.
CVE-2021-46327 ↗	Jan 20, 2022Thursday, 20 January 2022, 22:15	5.5 MEDIUM	4.3 MEDIUM
Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in fx_Array_prototype_sort.
CVE-2021-29328 ↗	Nov 19, 2021Friday, 19 November 2021, 17:15	7.1 HIGH	5.8 MEDIUM
OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.
CVE-2021-29323 ↗	Nov 19, 2021Friday, 19 November 2021, 17:15	5.5 MEDIUM	4.3 MEDIUM
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c.
CVE-2021-29329 ↗	Nov 19, 2021Friday, 19 November 2021, 17:15	7.8 HIGH	6.8 MEDIUM
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.
CVE-2021-29327 ↗	Nov 19, 2021Friday, 19 November 2021, 17:15	7.8 HIGH	6.8 MEDIUM
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c.
CVE-2021-29326 ↗	Nov 19, 2021Friday, 19 November 2021, 17:15	7.8 HIGH	6.8 MEDIUM
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c.
CVE-2021-29325 ↗	Nov 19, 2021Friday, 19 November 2021, 17:15	7.8 HIGH	6.8 MEDIUM
OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c.
CVE-2021-29324 ↗	Nov 19, 2021Friday, 19 November 2021, 17:15	7.8 HIGH	6.8 MEDIUM
OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c.
CVE-2020-22882 ↗	Jul 13, 2021Tuesday, 13 July 2021, 15:15	7.5 HIGH	5 MEDIUM
Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.
CVE-2020-25465 ↗	Dec 4, 2020Friday, 4 December 2020, 17:15	7.5 HIGH	5 MEDIUM
Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).
CVE-2020-25464 ↗	Dec 4, 2020Friday, 4 December 2020, 17:15	7.5 HIGH	5 MEDIUM
Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger.
CVE-2020-25463 ↗	Dec 4, 2020Friday, 4 December 2020, 17:15	7.5 HIGH	5 MEDIUM
Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV).
CVE-2020-25462 ↗	Dec 4, 2020Friday, 4 December 2020, 17:15	9.8 CRITICAL	7.5 HIGH
Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.
CVE-2020-25461 ↗	Dec 4, 2020Friday, 4 December 2020, 17:15	7.5 HIGH	5 MEDIUM
Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV).
CVE-2019-16366 ↗	Sep 16, 2019Monday, 16 September 2019, 17:15	9.8 CRITICAL	7.5 HIGH
In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.