CRITICAL🇵🇱 Wersja polska

CVE-2024-24186

CVSS 9.8v3.1pub. 2024-02-07upd. 2025-05-08

Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.

🤖 AI Analysis
How it works

The error classified as CWE-787 (out-of-bounds write) consists of a stack overflow in the IterGetKeysCallback function during input data processing. An attacker can provide specially crafted data that causes excessive recursion depth or writes beyond the stack buffer boundaries. The attack vector is network-based, requires no privileges or user interaction, which significantly lowers the entry threshold for a potential attacker.

Impact

Successful exploitation of the vulnerability may lead to taking full control of the system, including violation of confidentiality, integrity, and availability of data — according to the CVSS vector (C:H/I:H/A:H). Arbitrary code execution (RCE) or application destabilization is possible.

Mitigation & patch

Patches available from the vendor should be applied according to the references. It is recommended to monitor the project repository at https://github.com/pcmacdon/jsish to obtain the patched version. Until the fix is applied, consider restricting network access to the Jsish instance.

Who is affected

Jsish v3.5.0 (commit 42c694c)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jsish

    APP
    Jsish
    3.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-65570CRITICAL9.8PL ✓ten sam produkt

Type confusion w Jsish 2.0 — RCE przez błędny opcode OP_NEXT

CVE-2024-24189CRITICAL9.8PL ✓ten sam produkt

Use-after-free w Jsish v3.5.0 — podatność krytyczna w SplitChar

CVE-2024-24188CRITICAL9.8PL ✓ten sam produkt

Heap-buffer-overflow w Jsish v3.5.0 — podatność krytyczna RCE

CVE-2020-22874CRITICAL9.8ten sam produkt

Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to...

CVE-2020-22875CRITICAL9.8ten sam produkt

Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to ...