216.73.217.19

CVE-2026-1145

· Published 19/01/2026 09:16 · Modified 19/01/2026 09:16

Labels: CVE-2026-1145 2026-01-19CVE-2026-1145CWE-119[email protected]

Essential information

Published
19/01/2026 09:16
Modified
19/01/2026 09:16
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
quickjs-ng / quickjs cpe:2.3:a:quickjs-ng:quickjs:0.11.0:*:*:*:*:*:*:*

References