CVE-2025-46687

Опубликовано: 27 апр. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 5.6

Описание

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/noble	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	DNE
noble	needs-triage
oracular	ignored	end of life, was needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage
upstream	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 10%

0.00035

Низкий

5.6 Medium

CVSS3

Связанные уязвимости

CVE-2025-46687

CVSS3: 5.6

nvd

10 месяцев назад

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

CVE-2025-46687

CVSS3: 5.6

debian

10 месяцев назад

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString f ...

GHSA-hrc5-3jpv-g9x2

CVSS3: 5.6

github

10 месяцев назад

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

EPSS

Процентиль: 10%

0.00035

Низкий

5.6 Medium

CVSS3

CVE-2025-46687

Описание

Пакет quickjs

Ссылки на источники

Связанные уязвимости