{"id":"CVE-2017-9250","details":"The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to the jmem_heap_free_block function.","modified":"2026-04-11T04:59:57.173172Z","published":"2017-05-28T20:29:00.217Z","references":[{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038413"},{"type":"ADVISORY","url":"https://github.com/zherczeg/jerryscript/commit/03a8c630f015f63268639d3ed3bf82cff6fa77d8"},{"type":"FIX","url":"https://github.com/jerryscript-project/jerryscript/commit/e58f2880df608652aff7fd35c45b242467ec0e79"},{"type":"EVIDENCE","url":"https://github.com/jerryscript-project/jerryscript/issues/1821"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jerryscript-project/jerryscript","events":[{"introduced":"0"},{"last_affected":"63f739e5a0f64abb4e3d2ed103a2f2813c1f2257"},{"fixed":"e58f2880df608652aff7fd35c45b242467ec0e79"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0-NA"}]}},{"type":"GIT","repo":"https://github.com/zherczeg/jerryscript","events":[{"introduced":"0"},{"fixed":"03a8c630f015f63268639d3ed3bf82cff6fa77d8"}]}],"versions":["v1.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T04:59:57Z","vanir_signatures":[{"digest":{"length":1418,"function_hash":"26603491970781079697683319097974016813"},"signature_type":"Function","id":"CVE-2017-9250-cd0e1e24","target":{"file":"jerry-core/parser/js/js-lexer.c","function":"lexer_process_char_literal"},"source":"https://github.com/jerryscript-project/jerryscript/commit/e58f2880df608652aff7fd35c45b242467ec0e79","deprecated":false,"signature_version":"v1"},{"digest":{"length":1418,"function_hash":"26603491970781079697683319097974016813"},"signature_type":"Function","id":"CVE-2017-9250-db52af29","target":{"file":"jerry-core/parser/js/js-lexer.c","function":"lexer_process_char_literal"},"source":"https://github.com/zherczeg/jerryscript/commit/03a8c630f015f63268639d3ed3bf82cff6fa77d8","deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9250.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}