Описание
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
Ссылки
- Release Notes
- Patch
- ExploitIssue TrackingVendor Advisory
- Patch
- ExploitIssue TrackingVendor Advisory
- Issue TrackingPatch
Уязвимые конфигурации
Конфигурация 1Версия до 2025-04-26 (исключая)Версия до 0.9.0 (включая)
Одно из
cpe:2.3:a:bellard:quickjs:*:*:*:*:*:*:*:*
cpe:2.3:a:quickjs-ng:quickjs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 10%
0.00035
Низкий
5.6 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-770
Связанные уязвимости
CVSS3: 5.6
ubuntu
10 месяцев назад
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
CVSS3: 5.6
debian
10 месяцев назад
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString f ...
CVSS3: 5.6
github
10 месяцев назад
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
EPSS
Процентиль: 10%
0.00035
Низкий
5.6 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-770