CVE-2026-0822

🗓️ 10 Jan 2026 13:32:08Reported by VulDBType

Heap overflow in quickjs typed array sort allows remote exploitation in quickjs-ng up to version 0.11.0.

Reporter	Title	Published	Views	Family All 14
AlpineLinux	CVE-2026-0822	10 Jan 202613:32	–	alpinelinux
Circl	CVE-2026-0822	10 Jan 202615:00	–	circl
CNNVD	QuickJS 安全漏洞	10 Jan 202600:00	–	cnnvd
Cvelist	CVE-2026-0822 quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based overflow	10 Jan 202613:32	–	cvelist
Debian CVE	CVE-2026-0822	10 Jan 202613:32	–	debiancve
EUVD	EUVD-2026-1846	10 Jan 202613:32	–	euvd
NVD	CVE-2026-0822	10 Jan 202614:15	–	nvd
OSV	DEBIAN-CVE-2026-0822	10 Jan 202614:15	–	osv
OSV	UBUNTU-CVE-2026-0822	10 Jan 202614:15	–	osv
Positive Technologies	PT-2026-2028	10 Jan 202600:00	–	ptsecurity

NVD

Vulners

Node

quickjs-ng quickjsRange≤0.11.0

[
  {
    "vendor": "quickjs-ng",
    "product": "quickjs",
    "versions": [
      {
        "version": "0.1",
        "status": "affected"
      },
      {
        "version": "0.2",
        "status": "affected"
      },
      {
        "version": "0.3",
        "status": "affected"
      },
      {
        "version": "0.4",
        "status": "affected"
      },
      {
        "version": "0.5",
        "status": "affected"
      },
      {
        "version": "0.6",
        "status": "affected"
      },
      {
        "version": "0.7",
        "status": "affected"
      },
      {
        "version": "0.8",
        "status": "affected"
      },
      {
        "version": "0.9",
        "status": "affected"
      },
      {
        "version": "0.10",
        "status": "affected"
      },
      {
        "version": "0.11.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
github	www.github.com/quickjs-ng/quickjs/issues/1297
vuldb	www.vuldb.com/
github	www.github.com/quickjs-ng/quickjs/issues/1297
github	www.github.com/quickjs-ng/quickjs/
vuldb	www.vuldb.com/
github	www.github.com/quickjs-ng/quickjs/commit/53eefbcd695165a3bd8c584813b472cb4a69fbf5
github	www.github.com/quickjs-ng/quickjs/pull/1298

29 Apr 2026 01:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.16.3 - 8.8

CVSS 45.3

CVSS 27.5

CVSS 36.3

EPSS0.00081

SSVC

quickjs typed array sort heap overflow remote exploitation version 0.11.0 patch