CVE-2025-46687

Опубликовано: 27 апр. 2025

Источник: debian

EPSS Низкий

Описание

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
quickjs	fixed	2025.04.26-1		package

Примечания

https://github.com/quickjs-ng/quickjs/issues/1018
https://github.com/bellard/quickjs/issues/399
https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a

EPSS

Процентиль: 3%

0.00019

Низкий

Связанные уязвимости

CVE-2025-46687

CVSS3: 5.6

ubuntu

около 2 месяцев назад

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

CVE-2025-46687

CVSS3: 5.6

nvd

около 2 месяцев назад

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

GHSA-hrc5-3jpv-g9x2

CVSS3: 5.6

github

около 2 месяцев назад

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

EPSS

Процентиль: 3%

0.00019

Низкий