{"id":"CVE-2020-22875","details":"Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.","modified":"2026-04-11T09:46:22.576850Z","published":"2021-07-13T15:15:08.490Z","references":[{"type":"FIX","url":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98"},{"type":"EVIDENCE","url":"https://github.com/pcmacdon/jsish/issues/10"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pcmacdon/jsish","events":[{"introduced":"0"},{"fixed":"5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98"}]},{"type":"GIT","repo":"https://github.com/pcmacdon/jsish","events":[{"introduced":"0"},{"fixed":"5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98"}]}],"versions":["3.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"3.0.6"}]},{"events":[{"introduced":"0"},{"fixed":"3.0.6"}]}],"vanir_signatures_modified":"2026-04-11T09:46:22Z","vanir_signatures":[{"signature_version":"v1","target":{"file":"src/jsiArray.c"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["273979450384156047512941160134382353916","171986888222652767750480172465209014418","267911689545795601554651666838086347997","317260444709809151671853339607331599564","231112598883015616135964774522509502965","330378996421453389603485021387084336674","210188653856595929268362102387941677076","116276837928940273290827733512602552531","128242440557001170781280938524162140229","171012224070798058439286031011608921852","279954915469696942434203359613038548213","122149335891155046535316747137343772828","56101781593042407514012221436692727729","4895891545119393003842060222480388668","337413407291210960625275044072311418817","156547594901619271246280315565530395527","17076831565632786725086607320223178816","336962066019173256726360657406878347021","71229428066251671541012783971158649845","209256928343137843891544205461287584790","82260787544497133894407021069096966307","270587249780813583994043078522874775062","114876514182873441203071973020397154529","300324499297817877781571471573982259631","24854226728589373247965965359198712471","247138047331515524379033774959222540714","84029878628552172937997407019127446113","95444891731584166932808749677792038433","223182570513345542729648973885556623977","166579587704695777903282402791543148838","70972483245978468380082887576363686793","194771902953639127321257561321921811942","306566625766336645403703382049920452910","185843776796701130753089388649585382265","305866786802011736515761982962036345158","149854689868560801512052235182151169003","157015000456226174118939382287212382798","319305933928591818904984286973810158544","318046025871270715398497657501673728715","235110302565902335369957942055730704433","215211764190627146076646263674086034735","137309918005118043667634613698410290574","176747323653285415119513168683976709785","220349882589739327529994366519035900950","237946709987106047505881645030053382602","292949402675168658807658227543537462320","290146503044207942098152335437518681536","215211764190627146076646263674086034735","137309918005118043667634613698410290574","176747323653285415119513168683976709785","201264827000602249187711325899371861492","237946709987106047505881645030053382602","292949402675168658807658227543537462320","290146503044207942098152335437518681536","215211764190627146076646263674086034735","137309918005118043667634613698410290574","176747323653285415119513168683976709785","201264827000602249187711325899371861492","260273352104031279481510930802045529247","183352526690222227562840031963500577520","212225685781639030165828917128653530751","301678453028832512556971055477378633466","237946709987106047505881645030053382602","292949402675168658807658227543537462320","290146503044207942098152335437518681536","215211764190627146076646263674086034735","137309918005118043667634613698410290574","95813102173906336990104079491418601570","130315778575789545203750536337337465088","148467426237552709774298700021925687405","230347698128273201605518792388131362977","61508541253366202235642791591001326038","212263654501271822149060391683781381785","237946709987106047505881645030053382602","292949402675168658807658227543537462320","290146503044207942098152335437518681536","215211764190627146076646263674086034735","137309918005118043667634613698410290574","329850931563068273584501892890433450888","305318280953929174174605044074826990037","145980288060768837872785339518495119292","44430803730659097231390555471821402376","273773955171567395447674692080029299213","200395077626627052471785317691871686109","333561370077059646055367938975988561162","23938618391686270288652176970773803301","193284916921474400162067918787557086024","29342032366550439128799458482297509444","55338268866374388892382574912273979770","306797151811353898955932222566419331796","53361739720493370181973067176987262424","87136963919216533620205216066043671720","325167521376898571904273437279399236474","104342310828204525706705066831416789373","147197049224112719818540582186868535321","37334565653415428639716352919685604543","88597481193343463331640795907100072003","317260227502647465780296662630563571770","9555641619783544664448293340350214882","103732695841900618864367692368521184799","51261098694359821909369514134577227611","304443227935714015079879735141814187736","295936583243296351160907795565741460257","183000201157813802804790020849526108714","200734919026577157481395110048722045406","330378996421453389603485021387084336674","210188653856595929268362102387941677076","103773833596315489393737356286363019512","316925531546428300457106301007575222280","88272381382639773974215953871105019724","303724363801668251683102678204597323430","133701910052835159133835080149148584838","10745097309354026277081360128242484692","219127823520503880044612450953076898211","73880962444511373434816779565686026118","280535504944246640983228882596012132721","26725246287168431622322455052912458379","325279204740743473978147601902909976237","45898269612107183410324112013292383479","177137380055304115840235407941558529746","1544884843929943591139316669101476597","182006126174539726581104095840638148178","116499730738079903965041561093421940464","323881352663503727495118370087659670131","235696505529923506954803525189790433455","289323980561264235223460914287790561973","129357074544680653228187176244281035677","104885298162825306290364476412554876500","137309918005118043667634613698410290574","4681595339988141188466637369096802797"]},"id":"CVE-2020-22875-2e0ff3e4"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArraySpliceCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"15447269974566292281086608054564869371","length":2214},"id":"CVE-2020-22875-3d84d826"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayUnshiftCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"10590450626284433069412819441609329558","length":1040},"id":"CVE-2020-22875-40a985b8"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayPushCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"295923698803719800986620161210884437990","length":712},"id":"CVE-2020-22875-6fc04225"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayForeachCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"232339685456551105917957285467429453637","length":1289},"id":"CVE-2020-22875-6fd7e22b"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayShiftCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"66433571202830920075822213800716881887","length":684},"id":"CVE-2020-22875-731751b3"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayReduceSubCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"251685930097264169987531590575019049428","length":1571},"id":"CVE-2020-22875-8f20f8fc"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayFilterCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"289809459623159197486151035630981466129","length":1973},"id":"CVE-2020-22875-bc908c8a"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayConcatCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"166950554651405465342350238836322514671","length":1817},"id":"CVE-2020-22875-bfda2f76"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayFindSubCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"30676772851446975662507011544699916273","length":1794},"id":"CVE-2020-22875-df5d685a"},{"signature_version":"v1","target":{"file":"src/jsiArray.c","function":"jsi_ArrayMapCmd"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Function","deprecated":false,"digest":{"function_hash":"291478578383577087311861897652129124324","length":1739},"id":"CVE-2020-22875-ebdf9cf8"},{"signature_version":"v1","target":{"file":"src/jsiCmds.c"},"source":"https://github.com/pcmacdon/jsish/commit/5408a6d93f45bf1f7acd9ae5d44e0ebd77379e98","signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["27836008642606141096003868074447024075","310566388693532351486132750901454290195","25303325912271083133444597450022289909","225877205751095113729499168684445742662","285978840019926776383136218120261875153","244218641071944030260254543172489664689","19364847090125904712631480064940914147","264801833456554460230675279478046827895","149182158574704060902773107634942686971","85625281091194287036236794884822421032","81358149301823692458420598615080773299"]},"id":"CVE-2020-22875-f51bea21"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-22875.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}