Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-48184
HistoryApr 23, 2024 - 12:00 a.m.

CVE-2023-48184

2024-04-2300:00:00
ubuntu.com
ubuntu.com
3
quickjs
7414e5f
use-after-free
vulnerability
garbage collection
async functions
closures
unix

CVSS3

3.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

7.3

Confidence

Low

EPSS

0

Percentile

9.0%

QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free
because of incorrect garbage collection of async functions with closures.

OSVersionArchitecturePackageVersionFilename
ubuntu24.04noarchquickjs< anyUNKNOWN

CVSS3

3.9

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

7.3

Confidence

Low

EPSS

0

Percentile

9.0%

Related for UB:CVE-2023-48184