11 matches found
CVE-2025-62491
The CVE-2025-62491 entry concerns a Use-After-Free (UAF) in the QuickJS engine’s standard library. The vulnerability occurs in js_std_promise_rejection_check when iterating the global rejected_promise_list; during error reporting, rp->reason may be an Error with a custom property getter, and e...
CVE-2025-46688
CVE-2025-46688 affects quickjs-ng up to 0.9.0, with an incorrect size calculation in JS_ReadBigInt for a BigInt that leads to a heap-based buffer overflow. The vulnerability also affects QuickJS prior to 2025-04-26. Connected sources consistently describe the faulty size computation as the root c...
CVE-2023-48184
CVE-2023-48184 affects QuickJS before 7414e5f, where a use-after-free in JS_FreeValueRT arises from incorrect garbage collection of async functions with closures. Multiple connected sources (Red Hat, Debian/OSV entries, Ubuntu USN, and Nessus) document the issue and reference unpatched status in ...
CVE-2023-48183
CVE-2023-48183 affects QuickJS prior to commit c4cdd61. The vulnerability stems from an erroneous lexical scope of the value of this with eval, causing a NULL pointer dereference in build_for_in_iterator. Documented impact includes possible crashes/denial of service and potential arbitrary code e...
CVE-2025-62494
CVE-2025-62494 is a type-confusion vulnerability in the QuickJS engine’s string concatenation path. During the + operation, if the left operand is a string, the code converts the right operand to a primitive via JS_ToPrimitiveFree, which can trigger callbacks (toString/valueOf). While th...
CVE-2025-62495
CVE-2025-62495 describes an integer overflow in the QuickJS regular expression library (libregexp). The DynBuf storing regex bytecode uses size_t, but several internal routines cast the DynBuf size_t to a signed int, so very large/complex patterns can exceed 2^31 bytes. The result is a negative value used for offsets (e...
CVE-2020-22876
CVE-2020-22876 relates to a buffer overflow in QuickJS (source: quickjs.c). The vulnerability allows remote denial of service via a crafted input and is mitigated by a fix released on 2020-07-05. The affected component is the QuickJS engine; the root cause is a buffer overflow in quickjs.c leading to mem...
CVE-2025-62492
CVE-2025-62492 is a vulnerability in the QuickJS engine affecting the implementation of TypedArray.prototype.indexOf(). When a negative fromIndex is supplied, the calculation d_new = d + len can suffer floating-point precision loss, producing k = len. The search then reads starting at index len, ...
CVE-2025-62490
CVE-2025-62490 affects QuickJS: in js_print_object, during printing of arrays, maps, or sets, the code reads the length and iterates, but printing a value is not side-effect free. An attacker-defined callback during js_print_value could resize or remove items (e.g., in an array or ms->records)...
CVE-2025-62496
CVE-2025-62496 affects BigInt parsing in the QuickJS engine, in js_bigint_from_string. When converting a decimal string with an extremely large number of digits, the code computes n_bits as (n_digits × 27 + 7) / 8. For very large inputs (e.g., tens of millions of digits), this intermediate value overflows a 32-bit ...
CVE-2025-62493
CVE-2025-62493 affects the QuickJS engine, specifically the BigInt string conversion path (js_bigint_to_string1). The root cause is an off-by-one error in the calculation of the number of digits (n_digits) needed for the string representation, which can cause memory reads beyond the allocated Big...