Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-1144

Опубликовано: 19 янв. 2026
Источник: redhat
CVSS3: 6.3
EPSS Низкий

Описание

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.

A flaw was found in quickjs-ng. A remote attacker could exploit a use-after-free vulnerability within the Atomics Ops Handler component, specifically in the quickjs.c file. This manipulation could lead to arbitrary code execution, information disclosure, or a denial of service. The exploit for this vulnerability is publicly available.

Отчет

This vulnerability is rated Important for Red Hat. A use-after-free flaw in the quickjs-ng JavaScript engine's Atomics Ops handler can be exploited remotely. If quickjs-ng is used in a Red Hat product, this could lead to arbitrary code execution. The exploit is publicly available.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-825
https://bugzilla.redhat.com/show_bug.cgi?id=2430785quickjs-ng: quickjs-ng: Use-after-free vulnerability in Atomics Ops Handler

EPSS

Процентиль: 37%
0.00159
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-1144

CVSS3: 6.3
ubuntu
2 месяца назад

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.

nvd логотип

CVE-2026-1144

CVSS3: 6.3
nvd
2 месяца назад

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.

debian логотип

CVE-2026-1144

CVSS3: 6.3
debian
2 месяца назад

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affec ...

github логотип

GHSA-2gmr-vqp5-r9qg

CVSS3: 6.3
github
2 месяца назад

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.

EPSS

Процентиль: 37%
0.00159
Низкий

6.3 Medium

CVSS3