Suggestions search

All statuses

Filter by:

With package: quickjs-ng

Found 2 matching suggestions

Published

(browse all)

Permalink CVE-2026-1144

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
4 packages
- python312Packages.quickjs
- python313Packages.quickjs
- python312Packages.llm-tools-quickjs
- python313Packages.llm-tools-quickjs
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

quickjs-ng quickjs Atomics Ops quickjs.c use after free

A vulnerability was detected in quickjs-ng quickjs up to 0.11.0. Affected is an unknown function of the file quickjs.c of the component Atomics Ops Handler. The manipulation results in use after free. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141. Applying a patch is advised to resolve this issue.

Affected products

quickjs

==0.2
==0.11.0
==0.1
==0.9
==0.10
==0.8
==0.5
==0.7
==0.6
==0.3
==0.4

Matching in nixpkgs

pkgs.quickjs

Small and embeddable Javascript engine

nixos-unstable 2025-09-13-2
- nixpkgs-unstable 2025-09-13-2
- nixos-unstable-small 2025-09-13-2

pkgs.quickjs-ng

Mighty JavaScript engine

nixos-unstable 0.11.0
- nixpkgs-unstable 0.11.0
- nixos-unstable-small 0.11.0

Package maintainers

@stesie Stefan Siegl <stesie@brokenpipe.de>

Quickjs-ng patch: https://github.com/quickjs-ng/quickjs/commit/ea3e9d77454e8fc9cb3ef3c504e9c16af5a80141
Pending PR for quickjs: https://github.com/bellard/quickjs/pull/483

Published

(browse all)

Permalink CVE-2026-1145

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
4 packages
- python312Packages.quickjs
- python313Packages.quickjs
- python312Packages.llm-tools-quickjs
- python313Packages.llm-tools-quickjs
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

Affected products

quickjs

==0.2
==0.11.0
==0.1
==0.9
==0.10
==0.8
==0.5
==0.7
==0.6
==0.3
==0.4

Matching in nixpkgs

pkgs.quickjs

Small and embeddable Javascript engine

nixos-unstable 2025-09-13-2
- nixpkgs-unstable 2025-09-13-2
- nixos-unstable-small 2025-09-13-2

pkgs.quickjs-ng

Mighty JavaScript engine

nixos-unstable 0.11.0
- nixpkgs-unstable 0.11.0
- nixos-unstable-small 0.11.0

Package maintainers

@stesie Stefan Siegl <stesie@brokenpipe.de>

Merged patch for quickjs-ng: https://github.com/quickjs-ng/quickjs/commit/53aebe66170d545bb6265906fe4324e4477de8b4
Pending PR for quickjs: https://github.com/bellard/quickjs/pull/483