CVE-2024-43357 – JavaScript specification issue may lead to type confusion and pointer dereference in implementations

https://notcve.org/view.php?id=CVE-2024-43357

15 Aug 2024 — ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type confusion and pointer dereference. The internal async generator machinery calls regular promise resolver functions on IteratorResult (`{ done, value }`) objects that it creates, assuming that the IteratorResult object... • https://github.com/tc39/ecma262/security/advisories/GHSA-g38c-wh3c-5h9r • CWE-248: Uncaught Exception CWE-476: NULL Pointer Dereference CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •