quickjs-ng quickjs Heap-Based Buffer Overflow Vulnerability in Typed Array Constructor

Vulnerability

A heap-based buffer overflow vulnerability has been identified in quickjs-ng quickjs versions prior to 0.11.0. The issue arises in the function js_typed_array_constructor_ta within quickjs.c, where a stale length value is used to copy data from one array buffer to another. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability leads to a heap-based buffer overflow, which commonly results in memory corruption or arbitrary code execution in the process embedding the engine.

Reproduction

The vulnerability can be reproduced by creating a resizable ArrayBuffer and a Uint8Array backed by it. A Proxy is then used to intercept the prototype property lookup; inside the trap the ArrayBuffer is resized, and finally a new Uint8Array is constructed from the proxied array. Because the constructor captured the source length before the prototype lookup ran script, the copy is sized by the invalidated length and overflows the buffer.
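The stale-length pattern described above, reduced to a minimal C model. This is an added illustration, not quickjs-ng source: the `rbuf` type, the `reentry_hook` callback, `copy_with_stale_len`, `copy_with_rechecked_len` and the sample bytes are assumptions chosen to show the shape of the bug and of the check a reviewer would look for. The length is read once, script re-enters through the prototype lookup and shrinks the buffer, and the old length then sizes the copy. The hardened variant re-reads the length after the last point that can run user code and refuses the copy if the buffer shrank.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a resizable ArrayBuffer. Illustrative only; the
 * names and layout are assumptions, not quickjs's internal structures. */
typedef struct {
    uint8_t *data;
    size_t   len;   /* live byte length; can change whenever script runs */
} rbuf;

/* Any call that can re-enter script (here: the prototype lookup that a Proxy
 * trap intercepts) is modelled as a hook that may mutate the source buffer. */
typedef void (*reentry_hook)(rbuf *src);

/* A hook that leaves the buffer alone: the benign, non-Proxy case. */
static void noop_hook(rbuf *src) { (void)src; }

/* A hook that shrinks the buffer to one byte, like resize(1) from a trap. */
static void shrink_hook(rbuf *src) {
    src->len = 1;
    src->data = realloc(src->data, src->len);
}

/* Vulnerable shape: the length is read once, user code runs, and the stale
 * value sizes both the new allocation and the memcpy. If the hook shrank the
 * source, memcpy reads past the end of the live allocation. Returns bytes
 * copied. Only safe to call with a hook that cannot resize the buffer. */
long copy_with_stale_len(rbuf *src, reentry_hook hook, uint8_t **out) {
    size_t n = src->len;        /* captured before re-entry */
    hook(src);                  /* may resize or replace src->data */
    *out = malloc(n ? n : 1);
    memcpy(*out, src->data, n); /* n may no longer match src->len */
    return (long)n;
}

/* Hardened shape: re-read the length after the last re-entry point and
 * refuse the copy when the buffer shrank or was detached. Returns -1 in
 * that case, mirroring a TypeError thrown back to script. */
long copy_with_rechecked_len(rbuf *src, reentry_hook hook, uint8_t **out) {
    size_t n = src->len;
    hook(src);
    if (src->data == NULL || src->len < n) {  /* resized underneath us */
        *out = NULL;
        return -1;
    }
    *out = malloc(n ? n : 1);
    memcpy(*out, src->data, n);
    return (long)n;
}

/* Builds a 4-byte source buffer from constructed sample data. */
rbuf make_src(void) {
    rbuf b;
    b.len = 4;
    b.data = malloc(b.len);
    memcpy(b.data, "\x01\x02\x03\x04", 4);
    return b;
}

/* Unchecked copy with a hook that cannot resize: returns 4 on success. */
int demo_benign(void) {
    rbuf s = make_src();
    uint8_t *out = NULL;
    long n = copy_with_stale_len(&s, noop_hook, &out);
    int result = (n == 4 && out[3] == 4) ? (int)n : -2;
    free(out);
    free(s.data);
    return result;
}

/* Rechecked copy against a hook that shrinks the buffer: returns -1. */
int demo_resized(void) {
    rbuf s = make_src();
    uint8_t *out = NULL;
    long n = copy_with_rechecked_len(&s, shrink_hook, &out);
    free(out);
    free(s.data);
    return (int)n;
}

int main(void) {
    return (demo_benign() == 4 && demo_resized() == -1) ? 0 : 1;
}
```

`demo_benign` exercises the unchecked copy only with a hook that cannot resize; the unchecked copy combined with `shrink_hook` is deliberately never executed, since that is exactly the out-of-bounds read the advisory describes. The defensive point is the placement of the check: any length captured before a call that can run script must be re-validated after it.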

Remediation

Users are advised to update to quickjs-ng quickjs 0.11.0 or later, which is available from the project's GitHub repository.

Added: Jan 19, 2026, 9:21 AM
Updated: Jan 19, 2026, 9:21 AM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:        10.0
exploitability: 5.0
remediation:    7.7
relevance:      2.2
threat:         6.4
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.