Описание
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
Ссылки
- Product
- Patch
- ExploitThird Party Advisory
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.0 (включая)Версия до 2025-04-26 (исключая)
Одно из
cpe:2.3:a:quickjs-ng:quickjs:*:*:*:*:*:*:*:*
cpe:2.3:a:quickjs_project:quickjs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 4%
0.00022
Низкий
5.6 Medium
CVSS3
8.4 High
CVSS3
Дефекты
CWE-131
CWE-131
Связанные уязвимости
CVSS3: 5.6
ubuntu
около 2 месяцев назад
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
CVSS3: 5.6
debian
около 2 месяцев назад
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadB ...
CVSS3: 5.6
github
около 2 месяцев назад
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
EPSS
Процентиль: 4%
0.00022
Низкий
5.6 Medium
CVSS3
8.4 High
CVSS3
Дефекты
CWE-131
CWE-131