Wiz
Vulnerability DatabaseCVE-2022-22891

CVE-2022-22891
Homebrew vulnerability analysis and mitigation

Overview

Jerryscript version 3.0.0 was discovered to contain a SEGV (Segmentation Violation) vulnerability in the ecmarefobject_inline function located in /jerry-core/ecma/base/ecma-gc.c. The vulnerability was identified and disclosed on December 9, 2021 (GitHub Issue).

Technical details

The vulnerability manifests as a segmentation fault triggered by a read memory access at an unknown address (0x41b58ab0). The issue occurs within the ecmarefobjectinline function in the garbage collection component of the JerryScript engine. When tested on Ubuntu 18.04.5 LTS with Linux kernel 5.4.0-44-generic x8664, the vulnerability can be reproduced using specific JavaScript code involving Promise operations and Object.assign functionality (GitHub Issue).

Impact

When exploited, the vulnerability causes the JerryScript engine to crash due to a segmentation violation, resulting in a denial of service condition. The crash occurs during memory access operations in the garbage collection process, potentially affecting applications that rely on JerryScript for JavaScript execution (GitHub Issue).

Mitigation and workarounds

The issue was tracked and resolved through GitHub issue #4871 and subsequently fixed in later versions of JerryScript. Users should upgrade to a version newer than 3.0.0 to mitigate this vulnerability (GitHub Issue).

Additional resources

SourceThis report was generated using AI

Related Homebrew vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-66222CRITICAL9.6
  • HomebrewHomebrew
  • deepchat
NoNoDec 03, 2025
CVE-2025-12819HIGH8.1
  • NixOSNixOS
  • pgbouncer
NoYesDec 03, 2025
CVE-2025-59789HIGH7.5
  • HomebrewHomebrew
  • brpc
NoYesDec 01, 2025
CVE-2025-63317MEDIUM5.4
  • NixOSNixOS
  • todoist
NoNoDec 01, 2025
CVE-2025-65105MEDIUM5.3
  • NixOSNixOS
  • apptainer
NoYesDec 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo