CRITICAL🇵🇱 Wersja polska

CVE-2024-24189

CVSS 9.8v3.1pub. 2024-02-07upd. 2025-06-20

Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.

🤖 AI Analysis
How it works

A use-after-free vulnerability occurs when a program references a memory area that has already been freed. In the case of Jsish, this error occurs in the SplitChar function in the jsiUtils.c module. An attacker can remotely, without authentication and without user interaction, invoke this function in a way that causes improper memory management. Manipulation of the freed memory area can enable takeover of control over the program's execution flow.

Impact

An attacker can remotely gain full control over the vulnerable system, including causing disclosure of sensitive data, data modification, or complete loss of service availability (RCE or process crash).

Mitigation & patch

Apply patches available from the vendor according to the references. It is recommended to monitor the project repository at https://github.com/pcmacdon/jsish for current information about fixes.

Who is affected

Jsish v3.5.0 (commit 42c694c)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Jsish

    APP
    Jsish
    3.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-65570CRITICAL9.8PL ✓ten sam produkt

Type confusion w Jsish 2.0 — RCE przez błędny opcode OP_NEXT

CVE-2024-24188CRITICAL9.8PL ✓ten sam produkt

Heap-buffer-overflow w Jsish v3.5.0 — podatność krytyczna RCE

CVE-2024-24186CRITICAL9.8PL ✓ten sam produkt

Stack-overflow w Jsish v3.5.0 — przepełnienie stosu w IterGetKeysCallback

CVE-2020-22874CRITICAL9.8ten sam produkt

Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to...

CVE-2020-22875CRITICAL9.8ten sam produkt

Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to ...