CVE-2025-46687 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also af…
Medium CVSS: 5.6

CVE-2025-46687

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
Vendor
Bellard
Product
Quickjs
CWE
CWE-770
Yayın Tarihi
2025-04-27 20:15:15
Güncelleme
2026-01-14 17:30:17
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-770 Quickjs MEDIUM Bellard 2025

Referanslar

https://bellard.org/quickjs/Changelog https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a https://github.com/bellard/quickjs/issues/399 https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465 https://github.com/quickjs-ng/quickjs/issues/1018 https://github.com/quickjs-ng/quickjs/pull/1020