CVE-2018-1000668

{"id": "CVE-2018-1000668", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2018-09-06T17:29:01.970", "references": [{"url": "https://jsish.org/fossil/jsi/tktview?name=9602dbd997", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jsish.org/fossil/jsi/tktview?name=9602dbd997", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to have been fixed in 2.4.71."}, {"lang": "es", "value": "jsish 2.4.70 2.047 contiene una vulnerabilidad de lectura fuera de l\u00edmites (CWE-125) en la funci\u00f3n jsi_ObjArrayLookup (jsiObj.c:274) que puede resultar en un cierre inesperado debido a un fallo de segmentaci\u00f3n. El ataque parece ser explotable si una v\u00edctima ejecuta c\u00f3digo JavaScript manipulado. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 2.4.71."}], "lastModified": "2024-11-21T03:40:22.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jsish:jsish:2.4.70_2.047:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44F3241A-C5E3-41D3-899D-C48EE0320174"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}