CVE-2026-1145

Medium CVSS: 5.3

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

Vendor

Quickjs-ng

Product

Quickjs

CWE

CWE-119

Yayın Tarihi

2026-01-19 09:16:02

Güncelleme

2026-02-23 09:16:46

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-119 Quickjs MEDIUM Quickjs-ng 2026

Referanslar

https://github.com/paralin/quickjs/commit/53aebe66170d545bb6265906fe4324e4477de8b4 https://github.com/quickjs-ng/quickjs/ https://github.com/quickjs-ng/quickjs/issues/1305 https://github.com/quickjs-ng/quickjs/issues/1305#issue-3785444372 https://github.com/quickjs-ng/quickjs/pull/1306 https://vuldb.com/?ctiid.341738 https://vuldb.com/?id.341738 https://vuldb.com/?submit.735539

Benzer Kayıtlar

Medium

CVE-2026-1144

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c o…

Medium

CVE-2026-0822

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort o…

Medium

CVE-2026-0821

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_arra…

Medium

CVE-2025-46688

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer…

Medium

CVE-2024-13903

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulne…