CNNVD-202601-3012 Information

CNNVD ID

CNNVD-202601-3012

Related CVE

CVE-2026-1145

• CNNVD Published: 2026-01-19

Description (Chinese)

QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS 0.11.0及之前版本存在安全漏洞，该漏洞源于对文件quickjs.c中函数js_typed_array_constructor_ta的错误操作，可能导致堆缓冲区溢出。

Description (English)

QuickJS is a small, embedded Javascript engine for QuickJS open source. There is a security loophole in QuickJS 0.11.0 and previous versions, which stems from an error in the quickjs.c function js typed array constructor ta, which may result in a spilling out of the buffer zone.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

QuickJS

Published

2026-01-19

Last Modified

2026-02-24

References

https://github.com/paralin/quickjs/commit/53aebe66170d545bb6265906fe4324e4477de8b4 https://github.com/quickjs-ng/quickjs/issues/1305 https://github.com/quickjs-ng/quickjs/issues/1305#issue-3785444372 https://github.com/quickjs-ng/quickjs/pull/1306 https://vuldb.com/?ctiid.341738 https://vuldb.com/?id.341738 https://vuldb.com/?submit.735539 https://access.redhat.com/security/cve/cve-2026-1145