CVE-2025-46688

Medium CVSS: 5.6

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

Vendor

Quickjs-ng

Product

Quickjs

CWE

CWE-131

Yayın Tarihi

2025-04-27 20:15:15

Güncelleme

2025-05-30 16:29:54

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-131 Quickjs MEDIUM Quickjs-ng 2025

Referanslar

https://bellard.org/quickjs/Changelog https://github.com/bellard/quickjs/commit/1eb05e44fad89daafa8ee3eb74b8520b4a37ec9a https://github.com/bellard/quickjs/issues/399 https://github.com/quickjs-ng/quickjs/commit/28fa43d3ddff2c1ba91b6e3a788b2d7ba82d1465 https://github.com/quickjs-ng/quickjs/issues/1018 https://github.com/quickjs-ng/quickjs/pull/1020 https://github.com/quickjs-ng/quickjs/issues/1018

Benzer Kayıtlar

Medium

CVE-2026-1145

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_…

Medium

CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c o…

Medium

CVE-2026-0822

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort o…

Medium

CVE-2026-0821

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_arra…

Medium

CVE-2024-13903

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulne…