CNNVD-202601-1716 Information
CNNVD ID
CNNVD-202601-1716
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS 0.11.0及之前版本存在安全漏洞,该漏洞源于文件quickjs.c中函数js_typed_array_constructor存在堆缓冲区溢出,可能导致执行任意代码。
Description (English)
QuickJS is a small, embedded Javascript engine for QuickJS open source. There is a security loophole in QuickJS 0.11.0 and previous versions, which stems from the spilling of a stack of buffers in the quickjs.c function js typed array constructor, which may result in the implementation of any code.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
QuickJS
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5 https://github.com/quickjs-ng/quickjs/issues/1296 https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395 https://github.com/quickjs-ng/quickjs/pull/1299 https://vuldb.com/?ctiid.340355 https://vuldb.com/?id.340355 https://vuldb.com/?submit.731780 https://access.redhat.com/security/cve/cve-2026-0821
Share on: