{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0821", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-09T18:24:17.150Z", "datePublished": "2026-01-10T13:02:07.698Z", "dateUpdated": "2026-01-10T13:02:07.698Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-01-10T13:02:07.698Z"}, "title": "quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "quickjs-ng", "product": "quickjs", "versions": [{"version": "0.1", "status": "affected"}, {"version": "0.2", "status": "affected"}, {"version": "0.3", "status": "affected"}, {"version": "0.4", "status": "affected"}, {"version": "0.5", "status": "affected"}, {"version": "0.6", "status": "affected"}, {"version": "0.7", "status": "affected"}, {"version": "0.8", "status": "affected"}, {"version": "0.9", "status": "affected"}, {"version": "0.10", "status": "affected"}, {"version": "0.11.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-01-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-09T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-09T19:29:41.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "mcsky23 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.340355", "name": "VDB-340355 | quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340355", "name": "VDB-340355 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.731780", "name": "Submit #731780 | quickjs-ng quickjs v0.11.0 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/quickjs-ng/quickjs/issues/1296", "tags": ["issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/pull/1299", "tags": ["issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5", "tags": ["patch"]}], "tags": ["x_open-source"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue."}], "id": "CVE-2026-0821", "lastModified": "2026-01-10T13:15:49.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-10T13:15:49.040", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5"}, {"source": "cna@vuldb.com", "url": "https://github.com/quickjs-ng/quickjs/issues/1296"}, {"source": "cna@vuldb.com", "url": "https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395"}, {"source": "cna@vuldb.com", "url": "https://github.com/quickjs-ng/quickjs/pull/1299"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.340355"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.340355"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.731780"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "quickjs-ng: quickjs-ng: Heap-based buffer overflow in js_typed_array_constructor function", "id": "2428462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428462"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-122)", "details": ["A flaw was found in quickjs-ng. A remote attacker can exploit a heap-based buffer overflow vulnerability in the `js_typed_array_constructor` function of the `quickjs.c` file by executing a specially crafted manipulation. This vulnerability may lead to information disclosure, denial of service, or potentially arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-0821", "public_date": "2026-01-10T13:02:07Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0821\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0821\nhttps://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5\nhttps://github.com/quickjs-ng/quickjs/issues/1296\nhttps://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395\nhttps://github.com/quickjs-ng/quickjs/pull/1299\nhttps://vuldb.com/?ctiid.340355\nhttps://vuldb.com/?id.340355\nhttps://vuldb.com/?submit.731780"], "statement": "This vulnerability is rated Important for Red Hat. A heap-based buffer overflow in the `js_typed_array_constructor` function of quickjs-ng can be exploited by a remote attacker through specially crafted manipulation. This flaw may lead to information disclosure, denial of service, or arbitrary code execution. This affects components such as `radare2` in Community Projects (EPEL 8, 9, 10 and Fedora 42, 43).", "threat_severity": "Important"}