{"id":"CVE-2020-13649","details":"parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.","modified":"2026-04-11T21:19:48.772706Z","published":"2020-05-28T15:15:11.980Z","references":[{"type":"ADVISORY","url":"https://github.com/jerryscript-project/jerryscript/issues/3786"},{"type":"ADVISORY","url":"https://github.com/jerryscript-project/jerryscript/issues/3788"},{"type":"FIX","url":"https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jerryscript-project/jerryscript","events":[{"introduced":"0"},{"last_affected":"5fdeb7c1d68e8c5209e186e1760bc703a723d588"},{"fixed":"69f8e78c2f8d562bd6d8002b5488f1662ac30d24"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.0"}]}}],"versions":["v2.0","v2.1.0","v2.2.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"source":"https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24","id":"CVE-2020-13649-71eeec65","target":{"file":"jerry-core/parser/js/js-scanner.c","function":"scanner_scan_all"},"signature_version":"v1","digest":{"length":25059,"function_hash":"1459472975261504320315232053591083066"},"signature_type":"Function"},{"deprecated":false,"source":"https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24","id":"CVE-2020-13649-f89fd790","target":{"file":"jerry-core/parser/js/js-scanner.c"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["118280171358725061056438347457481750206","182048513183240838525288770318028775722","318402006254407280310692953307372817476","210513893507243599285703538621383706516","46412561222064946992300094772560980704","107846141584194681994606450169091482580","22881161112271963883600011056044975492","233429901850187016262363837174079936133","243224151874946108244189027554088534386","281848141320374007042674628154506535261","276007932065490219701616773545362515897","326988969911511843254629517761117419575","311831982671019383219353879404485583492","114827096776390396193020041391766756636","87848473180859773516743911409838015160","244720887806370731190314690784328507376","33929727025605840101843431290591442962","168308789134932366054929352340754440839","250033707467200797118673107312822241100","186665672300426185435252884127621639072","282783108027011723287559967596076658093","190885665719961322922688087972039051938","75824462873091778594292195328095602094","306247630140763384563660608097987739358","159958695570668128157619167772871754589","317108410479963322036752005968306967446","243020304723928515357773088334271190778","74095387559624231783439355532170436993","335005943085415373092494980736609907718","246530947635349661404662814617898879027","146664557882824313679777661239990464722","37455148049124048628849492102811546810","219517750744590102110928965489729865599","19008741474121516231839420416901268888","32950743998379238967525305581104716784","145678132245892862726095651486041371750","284238053372367171927799512545699867312"]},"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13649.json","vanir_signatures_modified":"2026-04-11T21:19:48Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}