CVE-2021-26195: 
Homebrew vulnerability analysis and mitigation

An issue was discovered in JerryScript 2.4.0, identified as CVE-2021-26195. The vulnerability involves a heap-buffer-overflow in the lexerparsenumber function within the js-lexer.c file. This vulnerability was reported on January 11, 2021, and affects the core parsing functionality of JerryScript (GitHub Issue).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue occurs specifically in the lexerparsenumber function when processing certain numeric inputs. The bug can be triggered by evaluating specific numeric expressions, such as '0x100000000_', which causes a heap buffer overflow when reading beyond allocated memory boundaries (NVD).

The heap-buffer-overflow vulnerability can lead to potential remote code execution, with high impacts on confidentiality, integrity, and availability of the affected system. The vulnerability allows an attacker to potentially execute arbitrary code or cause system crashes through carefully crafted numeric inputs (NVD).

The vulnerability affects JerryScript version 2.4.0. Users should upgrade to a patched version of JerryScript when available. No specific workarounds have been publicly documented (NVD).