Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-1145

Опубликовано: 19 янв. 2026
Источник: redhat
CVSS3: 6.3
EPSS Низкий

Описание

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

A flaw was found in quickjs-ng quickjs. This vulnerability, a heap-based buffer overflow, exists in the js_typed_array_constructor_ta function. A remote attacker can exploit this by sending specially crafted input, which could lead to unauthorized information disclosure or system instability (denial of service).

Отчет

This vulnerability is rated Important for Red Hat products. A heap-based buffer overflow flaw in the js_typed_array_constructor_ta function of quickjs-ng can be exploited remotely. This issue affects components that embed quickjs-ng, such as radare2 in Red Hat Community Projects, when processing untrusted JavaScript content.

Меры по смягчению последствий

To mitigate this issue, avoid processing untrusted JavaScript content with applications that embed quickjs-ng, such as radare2. Restricting the execution of untrusted scripts can reduce the exposure to this vulnerability.

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=2430790quickjs-ng: quickjs-ng quickjs: Heap-based buffer overflow leading to information disclosure or denial of service

EPSS

Процентиль: 27%
0.00095
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2026-1145

CVSS3: 6.3
nvd
2 месяца назад

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

debian логотип

CVE-2026-1145

CVSS3: 6.3
debian
2 месяца назад

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by ...

github логотип

GHSA-jqv9-g2ph-pfw9

CVSS3: 6.3
github
2 месяца назад

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

EPSS

Процентиль: 27%
0.00095
Низкий

6.3 Medium

CVSS3