Skip to content
/ js-vuln-db Public
forked from tunz/js-vuln-db

A collection of JavaScript engine CVEs with PoCs

0 stars 405 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Xp0int/js-vuln-db

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

109 Commits
chakra
chakra
 
 
jsc
jsc
 
 
jscript
jscript
 
 
spidermonkey
spidermonkey
 
 
v8
v8
 
 
README.md
README.md
 
 

Repository files navigation

Case Study of JavaScript Engine Vulnerabilities

V8

CVE Number Feature Keywords Credit
CVE-2013-6632 TypedArray Integer Overflow, OOB Pinkie Pie
CVE-2014-1705 TypedArray Invalid Array Length, OOB geohot
CVE-2014-3176 Array.concat Side Effect, OOB lokihardt
CVE-2014-7927 Optimization asm.js, OOB Christian Holler
CVE-2014-7928 Optimization Array Christian Holler
CVE-2015-1233 Optimization Array, OOB ?
CVE-2015-1242 Optimization Array, Type Confusion [email protected]
CVE-2015-6764 JSON.stringify Side Effect, OOB, Guang Gong [1]
CVE-2015-6771 TypedArray.map Prototype, OOB ?
CVE-2015-8584 JSON.stringify Side Effect, OOB ?
CVE-2016-1646 Array.concat Side Effect, OOB Wen Xu [2]
CVE-2016-1653 Optimization asm.js, TypedArray, OOB Choongwoo Han [6]
CVE-2016-1665 Optimization asm.js HyungSeok Han [6]
CVE-2016-1669 RegExp Heap Overflow, Integer Overflow Choongwoo Han [6]
CVE-2016-1677 decodeURI Side Effect, Information Leak Guang Gong [1]
CVE-2016-1688 RegExp Max Korenko
CVE-2016-5129 Array Side Effect Jeonghoon Shin
CVE-2016-5172 Parser Scope, eval Choongwoo Han [6]
CVE-2016-5198 Optimization parseInt, Compiler, OOB Tencent Keen Security Lab
CVE-2016-5200 Optimization asm.js TypedArray, OOB Choongwoo Han [6]
CVE-2016-9651 Object.assign Logic, Property Guang Gong [1]
CVE-2017-5030 Array.concat Side Effect, OOB Brendon Tiszka
CVE-2017-5040 Array.indexOf TypedArray, Side Effect, Buffer Neutering Choongwoo Han
CVE-2017-5053 Array.indexOf Side Effect Team Sniper [2]
CVE-2017-5070 Optimization Array, Type Confusion Zhao Qixun [5]
CVE-2017-5071 Compiler OOB Choongwoo Han
CVE-2017-5088 wasm Information Leak Xiling Gong [7]
CVE-2017-5098 Parser Use After Free Jihoon Kim [6]
CVE-2017-5115 Compiler OOB Marco Giovannini
CVE-2017-5116 wasm Race Condition Guang Gong [1]
CVE-2017-5121 Compiler Uninitialized Memory Jordan Rabet [9]
CVE-2017-5122 wasm Side Effect, OOB Choongwoo Han [8]
CVE-2017-15401 wasm Side Effect, OOB ?

ChakraCore

CVE Number Feature Keywords Credit
CVE-2016-3386 Spread Operator Array, Proxy, Stack Overflow Richard Zhu
CVE-2016-7189 Array.join Information Leak Natalie Silvanovich [3]
CVE-2016-7190 Array.map Heap Overflow Natalie Silvanovich [3]
CVE-2016-7194 Function.apply Information Leak Natalie Silvanovich [3]
CVE-2016-7200 Array.filter Heap Corruption Natalie Silvanovich [3]
CVE-2016-7201 Array Prototype, Type Confusion Natalie Silvanovich [3]
CVE-2016-7202 Array.reverse Overflow Natalie Silvanovich [3]
CVE-2016-7203 Array.splice Heap Overflow Natalie Silvanovich [3]
CVE-2016-7240 eval Proxy, Type Confusion Natalie Silvanovich [3]
CVE-2016-7241 JSON.parse Information Leak Natalie Silvanovich [3]
CVE-2016-7286 SIMD.toLocaleString Uninitialized Memory Natalie Silvanovich [3]
CVE-2016-7287 Intl Initialization, Type Confusion Natalie Silvanovich [3]
CVE-2016-7288 TypedArray.sort Side Effect, Buffer Neutering Natalie Silvanovich [3]
CVE-2017-0015 Spread Operator Side Effect, Uninitialized Memory Qixun Zhao [4]
lokihart
Simon Zuckerbraun
CVE-2017-0071 Optimization Array, Type Confusion lokihardt [3]
CVE-2017-0134 Array.concat Side Effect, Type Confusion Jordan Rabet
CVE-2017-0141 Array.reverse Side Effect Semmle Inc
CVE-2017-8548 Optimization Array lokihardt [3]
CVE-2017-8601 Optimization Array lokihardt [3]
CVE-2017-8634 Array.concat Side Effect Hao Lian [5]
HyungSeok Han [6]
CVE-2017-8636 Compiler Integer Overflow lokihardt [3]
CVE-2017-8640 arguments, Compiler, Uninitialize Memory lokihardt [3]
CVE-2017-8645 Compiler asm.js lokihardt [3]
CVE-2017-8646 Compiler asm.js lokihardt [3]
CVE-2017-8656 try Uninitialized Memory lokihardt [3]
CVE-2017-8657 Compiler asm.js lokihardt [3]
CVE-2017-8670 arguments Compiler, Uninitialize Memory lokihardt [3]
CVE-2017-8671 Function.call Integer Overflow lokihardt [3]
CVE-2017-8729 Parser Object lokihardt [3]
CVE-2017-8740 Parser Scope lokihardt [3]
CVE-2017-8751 Object.setPrototypeOf Memory corruption lokihardt [3]
CVE-2017-8755 Parser asm.js lokihardt [3]
CVE-2017-11764 Parser eval lokihardt [3]
CVE-2017-11799 Compiler JIT lokihardt [3]
CVE-2017-11802 Compiler String.replace, Type Confusion lokihardt [3]
CVE-2017-11809 Compiler Recursive function, Uninitialized Memory lokihardt [3]
CVE-2017-11811 Compiler Type confusion lokihardt [3]
CVE-2017-11839 Compiler JIT lokihardt [3]
CVE-2017-11840 Compiler JIT lokihardt [3]
CVE-2017-11841 Compiler JIT lokihardt [3]
CVE-2017-11861 Compiler Integer Overflow lokihardt [3]
CVE-2017-11870 Compiler JIT lokihardt [3]
CVE-2017-11873 Compiler JIT lokihardt [3]
CVE-2017-11893 Compiler JIT, Math lokihardt [3]
CVE-2017-11909 Compiler JIT lokihardt [3]
CVE-2017-11911 Compiler asm.js, OOB lokihardt [3]
CVE-2017-11918 Compiler JIT lokihardt [3]

JavaScriptCore

CVE Number Feature Keywords Credit
CVE-2016-1857 Array.join Side Effect, Use After Free Liang Chen, Zhen Feng, wushi [2]
Jeonghoon Shin
CVE-2016-4622 Array.slice Side Effect, OOB Samuel Groß
CVE-2016-4734 TypedArray.copyWithin
TypedArray.fill		 Side Effect, Buffer Neutering Natalie Silvanovich [3]
CVE-2017-2446 Funciton.caller Type Confusion Natalie Silvanovich [3]
CVE-2017-2447 Function.bind OOB Natalie Silvanovich [3]
CVE-2017-2464 Array.concat Integer Overflow Natalie Silvanovich [3]
CVE-2017-2491 String.replace RegExp, Use After Free Samuel Groß, and Niklas Baumstark
CVE-2017-2521 Array.length OOB lokihardt [3]
CVE-2017-2531 OOB lokihardt [3]
CVE-2017-2536 Spread Operator Array, Integer Overflow Samuel Groß, and Niklas Baumstark
CVE-2017-2547 Optimization parseInt, Compiler, OOB lokihardt [3]
CVE-2017-6980 Array.splice Uninitialized Memory lokihardt [3]
CVE-2017-6984 Intl.getCanonicalLocales Heap Overflow lokihardt [3]
CVE-2017-7056 arguments Uninitialized Memory lokihardt [3]
CVE-2017-7061 Compiler for-in, Type Confusion lokihardt [3]
CVE-2017-7092 String.link Heap Overflow Samuel Gro and Niklas Baumstark
Qixun Zhao [5]
CVE-2017-7117 Compiler for-in, Type Confusion lokihardt [3]

SpiderMonkey

CVE Number Feature Keywords Credit
CVE-2014-1513 TypedArray.subarray OOB, Buffer Neutering, Side Effect Jüri Aedla

JScript

CVE Number Feature Keywords Credit
CVE-2017-11793 JSON Use After Free ifratric [3]
CVE-2017-11855 Array.slice Uninitialized Variable ifratric [3]
CVE-2017-11890 RegExp Heap overflow ifratric [3]
CVE-2017-11903 Array.join Use After Free ifratric [3]
CVE-2017-11906 RegExp OOB ifratric [3]
CVE-2017-11907 Array.sort Heap overflow ifratric [3]

[1] Qihoo 360
[2] Tencent KeenLab
[3] Google Project Zero
[4] Qihoo 360 Skyeye Labs
[5] Qihoo 360 Vulcan Team
[6] KAIST SoftSec
[7] Tencent Security Platform Department [8] Naver Corporation [9] Microsoft

About

A collection of JavaScript engine CVEs with PoCs

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published