Filtered by vendor Quickjs Project
Subscriptions
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62496 | 2 Quickjs-ng, Quickjs Project | 2 Quickjs, Quickjs | 2025-10-28 | 8.8 High |
| A vulnerability exists in the QuickJS engine's BigInt string parsing logic (js_bigint_from_string) when attempting to create a BigInt from a string with an excessively large number of digits. The function calculates the necessary number of bits (n_bits) required to store the BigInt using the formula: $$\text{n\_bits} = (\text{n\_digits} \times 27 + 7) / 8 \quad (\text{for radix 10})$$ * For large input strings (e.g., $79,536,432$ digits or more for base 10), the intermediate calculation $(\text{n\_digits} \times 27 + 7)$ exceeds the maximum value of a standard signed 32-bit integer, resulting in an Integer Overflow. * The resulting n_bits value becomes unexpectedly small or even negative due to this wrap-around. * This flawed n_bits is then used to compute n_limbs, the number of memory "limbs" needed for the BigInt object. Since n_bits is too small, the calculated n_limbs is also significantly underestimated. * The function proceeds to allocate a JSBigInt object using this underestimated n_limbs. * When the function later attempts to write the actual BigInt data into the allocated object, the small buffer size is quickly exceeded, leading to a Heap Out-of-Bounds Write as data is written past the end of the allocated r->tab array. | ||||
| CVE-2023-48184 | 1 Quickjs Project | 1 Quickjs | 2025-10-15 | 3.9 Low |
| QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. | ||||
| CVE-2023-48183 | 1 Quickjs Project | 1 Quickjs | 2025-10-15 | 7.5 High |
| QuickJS before c4cdd61 has a build_for_in_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval. | ||||
| CVE-2025-46687 | 1 Quickjs Project | 1 Quickjs | 2025-06-23 | 5.6 Medium |
| quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. | ||||
| CVE-2025-46688 | 2 Quickjs-ng, Quickjs Project | 2 Quickjs, Quickjs | 2025-05-30 | 5.6 Medium |
| quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. | ||||
| CVE-2023-31922 | 1 Quickjs Project | 1 Quickjs | 2025-01-24 | 7.5 High |
| QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c. | ||||
| CVE-2020-22876 | 1 Quickjs Project | 1 Quickjs | 2024-11-21 | 7.5 High |
| Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release. | ||||
Page 1 of 1.