CVE-2020-22874

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-22874

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-22874.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-22874

Published

2021-07-13T15:15:08.457Z

Modified

2025-11-20T11:21:22.241159Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.

References

Affected packages

Git / github.com/pcmacdon/jsish

Affected ranges

Type: GIT
Repo: https://github.com/pcmacdon/jsish
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

858da537bde4de9d8c92466d5a866505310bc328

Affected versions

3.*

3.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "202206351058892856260573845045713298942",
                "131613120852156024249436583106160713804",
                "115343551472456355214492719486222050789",
                "302931350087201046956865953107752227928",
                "19194874872551402985605542793199301390",
                "38950074411595799094338931258172200146",
                "118242455269030763046840636725588167434",
                "281779591134081646680921127782472736840",
                "99334141839382299141250438365342349500",
                "79604531955387046490826320044570897103",
                "70787085119214832182565774140990076051",
                "213724755942381815695908253714905864027"
            ]
        },
        "id": "CVE-2020-22874-0095c650",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Line",
        "target": {
            "file": "src/jsiInterp.c"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "157845662099615217345996781234950210549",
                "205689039989110797671845534079127765828",
                "172912923894550398179665174054928698538",
                "172283037334713290254760529888640714854"
            ]
        },
        "id": "CVE-2020-22874-0c666115",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Line",
        "target": {
            "file": "src/jsiInt.h"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 646.0,
            "function_hash": "168224442810609026816070834887631445239"
        },
        "id": "CVE-2020-22874-1251078c",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Function",
        "target": {
            "file": "src/jsiObj.c",
            "function": "Jsi_ObjArraySizer"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "17608338619224154507432247404878548253",
                "175199290779722145789801114718366460264",
                "19859378292462114681187694519512095770",
                "6215026486100820483009030974144285172"
            ]
        },
        "id": "CVE-2020-22874-1811a31c",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Line",
        "target": {
            "file": "src/jsiArray.c"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 557.0,
            "function_hash": "323429002001689139426992597742905544915"
        },
        "id": "CVE-2020-22874-1a7aff31",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Function",
        "target": {
            "file": "src/jsiValue.c",
            "function": "Jsi_ValueInsertArray"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "339943975686569814490554239315737086604",
                "280757539070662154855197268845882301424",
                "187800012601015727853244555609703459326",
                "141859195676548413304971031209460637026",
                "41922006643038761381358003821270295946",
                "74471401105749468929386464724938908679",
                "240953856817251607367881944445912050873",
                "338234158375969879503813123243930671674"
            ]
        },
        "id": "CVE-2020-22874-1cfb62d0",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Line",
        "target": {
            "file": "src/jsiValue.c"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 602.0,
            "function_hash": "71148092029613014378151265980082011055"
        },
        "id": "CVE-2020-22874-5c4c2777",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Function",
        "target": {
            "file": "src/jsiObj.c",
            "function": "ObjListifyCallback"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 5613.0,
            "function_hash": "184034187485478493095902782339187638265"
        },
        "id": "CVE-2020-22874-6b213e9a",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Function",
        "target": {
            "file": "src/jsiCData.c",
            "function": "CDataStructDefineCmd"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 16406.0,
            "function_hash": "247767554942924203620319243852516650620"
        },
        "id": "CVE-2020-22874-6e9df9bb",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Function",
        "target": {
            "file": "src/jsiInterp.c",
            "function": "jsi_InterpNew"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 918.0,
            "function_hash": "31192272240537287670970115722147461036"
        },
        "id": "CVE-2020-22874-bee12dd7",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Function",
        "target": {
            "file": "src/jsiValue.c",
            "function": "jsi_ValueObjKeyAssign"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "9149341086160505057419576682860351595",
                "318245099965756809946153529065333964327",
                "223661189659862932776079676325930809388",
                "173724375446540878652993041140200497899",
                "252005883819654374358125278240071748603",
                "206443891900787354334941690445662585742",
                "143002426475488471795344107070573237887",
                "201913497176703988431825136881472087894",
                "67831652941639897455716788194453874571",
                "12223678430553005783008348848169853433",
                "333050108104863352204428022682569389638",
                "42183910712188964182009291583388035558",
                "161218196594016197184505323248669714224"
            ]
        },
        "id": "CVE-2020-22874-e1ec931e",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Line",
        "target": {
            "file": "src/jsiObj.c"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "255520844668788751141109450842856837895",
                "89151864832078375453226726224516646796",
                "199606037366710635029004105287745038783",
                "261853860623133326061768501038367072427",
                "181584547942781680686472196475925286414"
            ]
        },
        "id": "CVE-2020-22874-ec757d2b",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Line",
        "target": {
            "file": "src/jsiCData.c"
        },
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "length": 642.0,
            "function_hash": "58843197263898162944120908336221959759"
        },
        "id": "CVE-2020-22874-f43bd923",
        "source": "https://github.com/pcmacdon/jsish/commit/858da537bde4de9d8c92466d5a866505310bc328",
        "signature_type": "Function",
        "target": {
            "file": "src/jsiArray.c",
            "function": "jsi_ArrayFlatSub"
        },
        "signature_version": "v1",
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-22874.json"