CNNVD-202601-1713 Information

Jan 10, 2026 cve

CNNVD ID

CNNVD-202601-1713

CVE-2026-0822

  • CNNVD Published: 2026-01-10

Description (Chinese)

QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS 0.11.0及之前版本存在安全漏洞,该漏洞源于文件quickjs.c中函数js_typed_array_sort存在堆缓冲区溢出,可能导致执行任意代码。

Description (English)

QuickJS is a small, embedded Javascript engine for QuickJS open source. There is a security loophole in QuickJS 0.11.0 and previous versions, which stems from the spilling of a stack of buffers in the quickjs.c function js typed array sort, which may result in the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

QuickJS

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/quickjs-ng/quickjs/commit/53eefbcd695165a3bd8c584813b472cb4a69fbf5 https://github.com/quickjs-ng/quickjs/issues/1297 https://github.com/quickjs-ng/quickjs/issues/1297#issue-3780006202 https://github.com/quickjs-ng/quickjs/pull/1298 https://vuldb.com/?ctiid.340356 https://vuldb.com/?id.340356 https://vuldb.com/?submit.731783 https://access.redhat.com/security/cve/cve-2026-0822

Share on: