CVE-2018-1000668

EUVD-2018-1997
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
jsishjsish
2.4.70_2.047:_2.047
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jsish.org/fossil/jsi/tktview?name=9602dbd997
https://jsish.org/fossil/jsi/tktview?name=9602dbd997