QuickJS 安全漏洞

QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS, which stems from a floating-point precision error in the TypedArray.prototype.indexOf function when handling a negative fromIndex parameter, which could lead to out-of-bounds...

oniguruma: Use-after-free in onig_new_deluxe() in regext.c

A use-after-free in onignewdeluxe in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte...