CNNVD-202510-2343 Information

CNNVD ID

CNNVD-202510-2343

Related CVE

CVE-2025-62494

• CNNVD Published: 2025-10-16

Description (Chinese)

QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS存在安全漏洞，该漏洞源于处理字符串加法操作时存在类型混淆，可能导致越界内存访问和内存损坏，进而执行任意代码。

Description (English)

QuickJS is a small, embedded Javascript engine for QuickJS open source. QuickJS had a security loophole, which stemmed from the type of confusion in handling string addition operations, which could lead to cross-border memory access and memory damage, leading to the enforcement of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

QuickJS

Published

2025-10-16

Last Modified

2026-02-24

References

https://bellard.org/quickjs/Changelog https://issuetracker.google.com/434193023