quickjs-ng quickjs
cpe:2.3:a:quickjs-ng:quickjs:*:*:*:*:*:*:*
- <= 0.11.0
A heap-based buffer overflow vulnerability has been identified in quickjs-ng quickjs versions through 0.11.0. The issue arises in the function js_typed_array_sort within quickjs.c. This vulnerability can be exploited remotely, and a public exploit is available.
Triggering this vulnerability causes a heap-based buffer overflow in the sort routine, resulting in out-of-bounds memory access.
The vulnerability can be reproduced by sorting a typed array (handled by js_typed_array_sort) with a user-defined comparator that resizes the ArrayBuffer being sorted while the sort is in progress. This can be done by creating a Uint8Array with ascending values, setting the last element to 0 (so that it moves to the front during sorting), and then sorting the array with a comparator function that resizes the backing ArrayBuffer. The sort continues to operate on the original length, so AddressSanitizer reports a heap-buffer-overflow error, confirming that the out-of-bounds access was triggered.
Users are advised to update to the latest version of quickjs-ng quickjs, where this vulnerability has been patched.