NIXPKGS-2026-0676

GitHub issue published 3 months, 1 week ago

Permalink CVE-2026-3979

5.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 3 months, 1 week ago by @LeSuisse Activity log

Created suggestion 3 months, 1 week ago
@LeSuisse ignored
7 packages
- python312Packages.quickjs
- python313Packages.quickjs
- python314Packages.quickjs
- haskellPackages.mquickjs-hs
- python312Packages.llm-tools-quickjs
- python313Packages.llm-tools-quickjs
- python314Packages.llm-tools-quickjs
3 months, 1 week ago
@LeSuisse accepted 3 months, 1 week ago
@LeSuisse published on GitHub 3 months, 1 week ago

quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e92def4cd. Applying a patch is the recommended action to fix this issue.

References

VDB-350414 | quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free technical-descriptionvdb-entry
VDB-350414 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #769600 | quickjs-ng QuickJS 0.12.1 Use-After-Free third-party-advisory
https://github.com/quickjs-ng/quickjs/issues/1368 issue-tracking
https://github.com/quickjs-ng/quickjs/pull/1370 issue-trackingpatch
https://github.com/quickjs-ng/quickjs/issues/1368#issue-4004680962 issue-trackingexploit
https://github.com/quickjs-ng/quickjs/commit/daab4ad4bae4ef071ed0294618d6244e92… patch
https://github.com/quickjs-ng/quickjs/ product

Affected products

quickjs

==0.12.1
==0.12.0

Matching in nixpkgs

pkgs.quickjs

Small and embeddable Javascript engine

nixos-unstable 2025-09-13-2
- nixpkgs-unstable 2025-09-13-2
- nixos-unstable-small 2025-09-13-2

pkgs.quickjs-ng

Mighty JavaScript engine

nixos-unstable 0.11.0
- nixpkgs-unstable 0.11.0
- nixos-unstable-small 0.11.0

Ignored packages (7)

pkgs.python312Packages.quickjs

None

pkgs.python313Packages.quickjs

Python wrapper around the quickjs C library

nixos-unstable 1.19.4
- nixpkgs-unstable 1.19.4
- nixos-unstable-small 1.19.4

pkgs.python314Packages.quickjs

Python wrapper around the quickjs C library

nixos-unstable 1.19.4
- nixpkgs-unstable 1.19.4
- nixos-unstable-small 1.19.4

pkgs.haskellPackages.mquickjs-hs

Wrapper for the Micro QuickJS JavaScript Engine

nixos-unstable 0.1.2.4
- nixpkgs-unstable 0.1.2.4
- nixos-unstable-small 0.1.2.4

pkgs.python312Packages.llm-tools-quickjs