{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0821", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-09T18:24:17.150Z", "datePublished": "2026-01-10T13:02:07.698Z", "dateUpdated": "2026-02-23T08:27:54.300Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:27:54.300Z"}, "title": "quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "quickjs-ng", "product": "quickjs", "versions": [{"version": "0.1", "status": "affected"}, {"version": "0.2", "status": "affected"}, {"version": "0.3", "status": "affected"}, {"version": "0.4", "status": "affected"}, {"version": "0.5", "status": "affected"}, {"version": "0.6", "status": "affected"}, {"version": "0.7", "status": "affected"}, {"version": "0.8", "status": "affected"}, {"version": "0.9", "status": "affected"}, {"version": "0.10", "status": "affected"}, {"version": "0.11.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-01-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-09T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-16T01:25:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "mcsky23 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.340355", "name": "VDB-340355 | quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340355", "name": "VDB-340355 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.731780", "name": "Submit #731780 | quickjs-ng quickjs v0.11.0 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/quickjs-ng/quickjs/issues/1296", "tags": ["issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/pull/1299", "tags": ["issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5", "tags": ["patch"]}, {"url": "https://github.com/quickjs-ng/quickjs/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T14:36:45.372311Z", "id": "CVE-2026-0821", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T14:36:51.911Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0821", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-12T14:36:45.372311Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T14:36:48.964Z"}}], "cna": {"tags": ["x_open-source"], "title": "quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "mcsky23 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "quickjs-ng", "product": "quickjs", "versions": [{"status": "affected", "version": "0.1"}, {"status": "affected", "version": "0.2"}, {"status": "affected", "version": "0.3"}, {"status": "affected", "version": "0.4"}, {"status": "affected", "version": "0.5"}, {"status": "affected", "version": "0.6"}, {"status": "affected", "version": "0.7"}, {"status": "affected", "version": "0.8"}, {"status": "affected", "version": "0.9"}, {"status": "affected", "version": "0.10"}, {"status": "affected", "version": "0.11.0"}]}], "timeline": [{"lang": "en", "time": "2026-01-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-09T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-16T01:25:36.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.340355", "name": "VDB-340355 | quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340355", "name": "VDB-340355 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.731780", "name": "Submit #731780 | quickjs-ng quickjs v0.11.0 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/quickjs-ng/quickjs/issues/1296", "tags": ["issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/pull/1299", "tags": ["issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5", "tags": ["patch"]}, {"url": "https://github.com/quickjs-ng/quickjs/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:27:54.300Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0821", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:27:54.300Z", "dateReserved": "2026-01-09T18:24:17.150Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-10T13:02:07.698Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quickjs-ng:quickjs:*:*:*:*:*:*:*:*", "matchCriteriaId": "99E7BDDC-5F85-4D2D-A0FE-87E837B594D3", "versionEndIncluding": "0.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue."}, {"lang": "es", "value": "Se determin\u00f3 una vulnerabilidad en quickjs-ng quickjs hasta 0.11.0. Esta vulnerabilidad afecta a la funci\u00f3n js_typed_array_constructor del archivo quickjs.c. La ejecuci\u00f3n de una manipulaci\u00f3n puede llevar a un desbordamiento de b\u00fafer basado en mont\u00edculo. El ataque puede lanzarse remotamente. El exploit ha sido divulgado p\u00fablicamente y puede utilizarse. Este parche se llama c5d80831e51e48a83eab16ea867be87f091783c5. Debe aplicarse un parche para remediar este problema."}], "id": "CVE-2026-0821", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-10T13:15:49.040", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/quickjs-ng/quickjs/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/quickjs-ng/quickjs/issues/1296"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/quickjs-ng/quickjs/pull/1299"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.340355"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.340355"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.731780"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "quickjs-ng: quickjs-ng: Heap-based buffer overflow in js_typed_array_constructor function", "id": "2428462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428462"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-122)", "details": ["A flaw was found in quickjs-ng. A remote attacker can exploit a heap-based buffer overflow vulnerability in the `js_typed_array_constructor` function of the `quickjs.c` file by executing a specially crafted manipulation. This vulnerability may lead to information disclosure, denial of service, or potentially arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-0821", "public_date": "2026-01-10T13:02:07Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0821\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0821\nhttps://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5\nhttps://github.com/quickjs-ng/quickjs/issues/1296\nhttps://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395\nhttps://github.com/quickjs-ng/quickjs/pull/1299\nhttps://vuldb.com/?ctiid.340355\nhttps://vuldb.com/?id.340355\nhttps://vuldb.com/?submit.731780"], "statement": "This vulnerability is rated Important for Red Hat. A heap-based buffer overflow in the `js_typed_array_constructor` function of quickjs-ng can be exploited by a remote attacker through specially crafted manipulation. This flaw may lead to information disclosure, denial of service, or arbitrary code execution. This affects components such as `radare2` in Community Projects (EPEL 8, 9, 10 and Fedora 42, 43).", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-18T07:08:06.562493+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011supplied patch identified by commit c5d80831e51e48a83eab16ea867be87f091783c5 or upgrade to QuickJS 0.11.1 or later. ", "If a patch or upgrade cannot be applied promptly, ensure that all input routed to js_typed_array_constructor is validated or sanitized to prevent malformed data from reaching the vulnerable path. ", "Run the QuickJS engine with memory limits and additional hardening such as SELinux or AppArmor profiles to contain any potential memory corruption impact."], "summary": {"action": "Apply Patch", "impact": "Remote Heap-based Buffer Overflow"}, "threat_synthesis": {"affected_systems": "QuickJS from quickjs-ng is affected, specifically all releases up to and including version 0.11.0. No other vendor or product versions are listed in the CNA data.", "description_and_impact": "The flaw occurs in the js_typed_array_constructor function of the QuickJS JavaScript engine, where a crafted manipulation can create a heap-based buffer overflow. This overflow can corrupt memory and may enable an attacker to execute arbitrary code, although the description does not explicitly state an execution failure. The vulnerability is exploitable remotely and has been publicly disclosed.", "risk_and_exploitability": "The CVSS base score of 6.9 indicates a moderate to high severity, while the EPSS score of less than 1% shows that active exploitation is presently rare. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers can likely invoke the flaw remotely by sending specially crafted data to the typed array constructor, leading to heap corruption and potentially code execution if memory is abused."}}}}, "created": "2026-01-12T14:36:17.473382+00:00", "updated": "2026-04-18T07:15:25.852698+00:00", "vendors": ["quickjs-ng", "quickjs-ng$PRODUCT$quickjs"]}