NIXPKGS-2026-0063

GitHub issue published 5 months ago

Permalink CVE-2026-1145

6.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Exploit Code Maturity (E): Proof-of-Concept (P)
Remediation Level (RL): Official Fix (O)
Report Confidence (RC): Confirmed (C)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

updated 5 months ago by @LeSuisse Activity log

Created suggestion 5 months ago
@LeSuisse ignored
4 packages
- python312Packages.quickjs
- python313Packages.quickjs
- python312Packages.llm-tools-quickjs
- python313Packages.llm-tools-quickjs
5 months ago
@LeSuisse accepted 5 months ago
@LeSuisse published on GitHub 5 months ago

quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

References

VDB-341738 | quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow technical-descriptionvdb-entry
VDB-341738 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #735539 | quickjs-ng quickjs v0.11.0 Heap-based Buffer Overflow third-party-advisory
https://github.com/quickjs-ng/quickjs/issues/1305 issue-tracking
https://github.com/quickjs-ng/quickjs/pull/1306 issue-tracking
https://github.com/quickjs-ng/quickjs/issues/1305#issue-3785444372 issue-trackingexploit
https://github.com/paralin/quickjs/commit/53aebe66170d545bb6265906fe4324e4477de… patch

Affected products

quickjs

==0.9
==0.10
==0.11.0
==0.1
==0.4
==0.3
==0.6
==0.7
==0.5
==0.8
==0.2

Matching in nixpkgs

pkgs.quickjs

Small and embeddable Javascript engine

nixos-unstable 2025-09-13-2
- nixpkgs-unstable 2025-09-13-2
- nixos-unstable-small 2025-09-13-2

pkgs.quickjs-ng

Mighty JavaScript engine

nixos-unstable 0.11.0
- nixpkgs-unstable 0.11.0
- nixos-unstable-small 0.11.0

Ignored packages (4)

pkgs.python312Packages.quickjs

Python wrapper around the quickjs C library

nixos-unstable 1.19.4
- nixpkgs-unstable 1.19.4
- nixos-unstable-small 1.19.4

pkgs.python313Packages.quickjs

Python wrapper around the quickjs C library

nixos-unstable 1.19.4
- nixpkgs-unstable 1.19.4
- nixos-unstable-small 1.19.4

pkgs.python312Packages.llm-tools-quickjs

JavaScript execution as a tool for LLM

nixos-unstable 0.1
- nixpkgs-unstable 0.1
- nixos-unstable-small 0.1

pkgs.python313Packages.llm-tools-quickjs