CVE-2025-46688

Опубликовано: 27 апр. 2025

Источник: debian

Описание

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
quickjs	fixed	2025.04.26-1		package

Примечания

https://github.com/quickjs-ng/quickjs/issues/1018
https://github.com/bellard/quickjs/issues/399
https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a

Связанные уязвимости

CVE-2025-46688

CVSS3: 5.6

ubuntu

около 2 месяцев назад

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

CVE-2025-46688

CVSS3: 5.6

nvd

около 2 месяцев назад

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

GHSA-2qc3-w5w6-7r8m

CVSS3: 5.6

github

около 2 месяцев назад

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.