
CVE-2026-0821

Published: 10 Jan 2026
Source: redhat
CVSS3: 7.3

Description

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.

A flaw was found in quickjs-ng. A remote attacker can exploit a heap-based buffer overflow vulnerability in the js_typed_array_constructor function of the quickjs.c file by executing a specially crafted manipulation. This vulnerability may lead to information disclosure, denial of service, or potentially arbitrary code execution.

Report

This vulnerability is rated Important for Red Hat. A heap-based buffer overflow in the js_typed_array_constructor function of quickjs-ng can be exploited by a remote attacker through specially crafted manipulation. This flaw may lead to information disclosure, denial of service, or arbitrary code execution. This affects components such as radare2 in Community Projects (EPEL 8, 9, 10 and Fedora 42, 43).

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Additional information

Status: Important
Defect: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2428462 quickjs-ng: quickjs-ng: Heap-based buffer overflow in js_typed_array_constructor function

7.3 High

CVSS3

Related vulnerabilities

CVSS3: 7.3
ubuntu
3 months ago

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.

CVSS3: 7.3
nvd
3 months ago

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.

CVSS3: 7.3
debian
3 months ago

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. Thi ...

CVSS3: 7.3
github
3 months ago

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.
