Preface: A stack is not flexible: the memory size allotted cannot be changed. A heap is flexible, and the allotted memory can be altered.
Background: Escargot is a memory-optimized JavaScript engine for mid-range devices such as mobile phones, tablets and TVs. It is written in C++ and licensed under the GNU Lesser General Public License v2.1. Memory Efficiency: The engine is designed with memory constraints in mind, making it suitable for devices with limited RAM and storage. Performance Optimization: Escargot implements various optimization techniques to ensure fast execution of JavaScript code, even on low-power devices.
Vulnerability details: Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers. This issue affects Escargot: 4.0.0.
Ref: The memory allocated by malloc() includes not only the block the user requested but also the data used to manage the heap (the size of the block, pointers to other blocks and the like). The vulnerability is that a heap variable can be overflowed to overwrite that management data.
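The layout described above can be made visible from the defender's side with a guarded allocation wrapper. This is an added example, not code from Escargot or from any real allocator: `hdr_t`, `GUARD` and the `guarded_*` functions are hypothetical names, and the header only stands in for the allocator's own bookkeeping.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0xC0FFEE5AFEC0DE42ULL /* constructed canary value */

/* Hypothetical header standing in for the heap's management data. */
typedef struct { size_t size; uint64_t guard; } hdr_t;

/* Layout of one allocation: [hdr_t][user bytes (size)][trailing guard] */
void *guarded_alloc(size_t size) {
    if (size > SIZE_MAX - sizeof(hdr_t) - sizeof(uint64_t)) return NULL;
    hdr_t *h = malloc(sizeof(hdr_t) + size + sizeof(uint64_t));
    if (!h) return NULL;
    h->size = size;
    h->guard = GUARD;
    uint64_t g = GUARD;
    memcpy((unsigned char *)(h + 1) + size, &g, sizeof g);
    return h + 1; /* caller sees only the user block */
}

/* Returns 1 if the header and trailing guard are intact, 0 if overwritten. */
int guarded_check(const void *p) {
    const hdr_t *h = (const hdr_t *)p - 1;
    uint64_t tail;
    if (h->guard != GUARD) return 0;
    memcpy(&tail, (const unsigned char *)p + h->size, sizeof tail);
    return tail == GUARD;
}

/* Bounded copy: returns -1 instead of writing past the user block. */
int guarded_copy(void *p, const void *src, size_t n) {
    const hdr_t *h = (const hdr_t *)p - 1;
    if (n > h->size) return -1;
    memcpy(p, src, n);
    return 0;
}

int main(void) {
    unsigned char in[24] = {0}; /* constructed input, larger than the block */
    unsigned char *b = guarded_alloc(16);
    if (!b) return 1;
    printf("oversized copy rejected: %d\n", guarded_copy(b, in, sizeof in) == -1);
    memset(b, 'A', 16 + 4); /* simulated unchecked write; stays inside our own region */
    printf("corruption detected: %d\n", !guarded_check(b));
    free((hdr_t *)b - 1);
    return 0;
}
```

The length check in `guarded_copy` is the actual fix for this class of bug; the guard value only detects a write that has already gone past the block.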
Official announcement: Please refer to the vendor announcement for details –