Quickjs
Monthly
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor_ta function allows remote attackers to corrupt memory and potentially achieve code execution with user interaction. Public exploit code exists for this vulnerability, increasing practical attack risk. A patch is available and should be applied immediately.
Use-after-free in QuickJS up to version 0.11.0 within the Atomics Ops Handler allows remote attackers to trigger memory corruption without authentication. Public exploit code exists for this vulnerability, enabling potential information disclosure or denial of service. A patch is available and should be applied immediately.
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_sort function allows remote attackers to corrupt memory and potentially achieve code execution with minimal user interaction. Public exploit code exists for this vulnerability. Users should apply the available patch (commit 53eefbcd695165a3bd8c584813b472cb4a69fbf5) to remediate the risk.
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor function allows unauthenticated remote attackers to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. Affected users should apply patch c5d80831e51e48a83eab16ea867be87f091783c5 immediately.
A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. Public exploit code available.
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. Public exploit code available.
A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor_ta function allows remote attackers to corrupt memory and potentially achieve code execution with user interaction. Public exploit code exists for this vulnerability, increasing practical attack risk. A patch is available and should be applied immediately.
Use-after-free in QuickJS up to version 0.11.0 within the Atomics Ops Handler allows remote attackers to trigger memory corruption without authentication. Public exploit code exists for this vulnerability, enabling potential information disclosure or denial of service. A patch is available and should be applied immediately.
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_sort function allows remote attackers to corrupt memory and potentially achieve code execution with minimal user interaction. Public exploit code exists for this vulnerability. Users should apply the available patch (commit 53eefbcd695165a3bd8c584813b472cb4a69fbf5) to remediate the risk.
Heap-based buffer overflow in QuickJS up to version 0.11.0 within the js_typed_array_constructor function allows unauthenticated remote attackers to corrupt memory and potentially execute arbitrary code. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. Affected users should apply patch c5d80831e51e48a83eab16ea867be87f091783c5 immediately.
A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available.
quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. Public exploit code available.
quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. Rated medium severity (CVSS 5.6), this vulnerability is no authentication required. Public exploit code available.
A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.