{"id":"CVE-2020-25465","details":"Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).","modified":"2026-04-12T00:36:58.497262Z","published":"2020-12-04T17:15:13.040Z","references":[{"type":"ADVISORY","url":"https://github.com/Moddable-OpenSource/moddable/releases/tag/OS200908"},{"type":"EVIDENCE","url":"https://github.com/Moddable-OpenSource/moddable/issues/442"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moddable-opensource/moddable","events":[{"introduced":"0"},{"fixed":"13b939d91415059d75d666eeb0150a406e8aad1c"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"os200908"}],"cpe":"cpe:2.3:a:moddable:moddable:*:*:*:*:*:*:*:*","source":["CPE_FIELD","REFERENCES"]}}],"versions":["OS200831","OS200903"],"database_specific":{"vanir_signatures":[{"target":{"file":"tools/adpcm-lib.c"},"signature_version":"v1","signature_type":"Line","id":"CVE-2020-25465-3324651c","deprecated":false,"source":"https://github.com/moddable-opensource/moddable/commit/13b939d91415059d75d666eeb0150a406e8aad1c","digest":{"line_hashes":["163763250241959081810483249651220768029","196167388763708074432343828433249770400","259217368796255899204184698927223548289","170851852752589358369262650058775792039"],"threshold":0.9}},{"target":{"function":"adpcm_decode_block","file":"tools/adpcm-lib.c"},"signature_version":"v1","signature_type":"Function","id":"CVE-2020-25465-f94c5122","deprecated":false,"source":"https://github.com/moddable-opensource/moddable/commit/13b939d91415059d75d666eeb0150a406e8aad1c","digest":{"function_hash":"296004142866316237889337510996652216417","length":1469}}],"vanir_signatures_modified":"2026-04-12T00:36:58Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25465.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}