{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2242", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-09T09:38:32.721Z", "datePublished": "2026-02-09T17:02:09.705Z", "dateUpdated": "2026-02-23T10:00:36.959Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:00:36.959Z"}, "title": "janet-lang janet specials.c janetc_if out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "janet-lang", "product": "janet", "versions": [{"version": "1.40.0", "status": "affected"}, {"version": "1.40.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-09T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-09T19:34:23.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344981", "name": "VDB-344981 | janet-lang janet specials.c janetc_if out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344981", "name": "VDB-344981 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754495", "name": "Submit #754495 | janet-lang janet 2fabc80 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/janet-lang/janet/issues/1700", "tags": ["issue-tracking"]}, {"url": "https://github.com/janet-lang/janet/issues/1702", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0123/blob/main/ja2/repro", "tags": ["exploit"]}, {"url": "https://github.com/janet-lang/janet/commit/c43e06672cd9dacf2122c99f362120a17c34b391", "tags": ["patch"]}, {"url": "https://github.com/janet-lang/janet/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T18:40:06.262016Z", "id": "CVE-2026-2242", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T18:40:33.005Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2242", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T18:40:06.262016Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T18:40:24.358Z"}}], "cna": {"tags": ["x_open-source"], "title": "janet-lang janet specials.c janetc_if out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "janet-lang", "product": "janet", "versions": [{"status": "affected", "version": "1.40.0"}, {"status": "affected", "version": "1.40.1"}]}], "timeline": [{"lang": "en", "time": "2026-02-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-09T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-09T19:34:23.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344981", "name": "VDB-344981 | janet-lang janet specials.c janetc_if out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344981", "name": "VDB-344981 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.754495", "name": "Submit #754495 | janet-lang janet 2fabc80 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/janet-lang/janet/issues/1700", "tags": ["issue-tracking"]}, {"url": "https://github.com/janet-lang/janet/issues/1702", "tags": ["issue-tracking"]}, {"url": "https://github.com/oneafter/0123/blob/main/ja2/repro", "tags": ["exploit"]}, {"url": "https://github.com/janet-lang/janet/commit/c43e06672cd9dacf2122c99f362120a17c34b391", "tags": ["patch"]}, {"url": "https://github.com/janet-lang/janet/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T10:00:36.959Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2242", "state": "PUBLISHED", "dateUpdated": "2026-02-23T10:00:36.959Z", "dateReserved": "2026-02-09T09:38:32.721Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-09T17:02:09.705Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:janet-lang:janet:*:*:*:*:*:*:*:*", "matchCriteriaId": "D63D3EB2-96FF-4D2B-AD67-2DE091B2CC05", "versionEndIncluding": "1.40.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called c43e06672cd9dacf2122c99f362120a17c34b391. It is advisable to implement a patch to correct this issue."}, {"lang": "es", "value": "Se determin\u00f3 una vulnerabilidad en janet-lang janet hasta la versi\u00f3n 1.40.1. Esto afecta a la funci\u00f3n janetc_if del archivo src/core/specials.c. La ejecuci\u00f3n de una manipulaci\u00f3n puede llevar a una lectura fuera de l\u00edmites. El ataque debe lanzarse localmente. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado. Este parche se llama c43e06672cd9dacf2122c99f362120a17c34b391. Es aconsejable implementar un parche para corregir este problema."}], "id": "CVE-2026-2242", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-09T18:16:08.857", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/janet-lang/janet/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/janet-lang/janet/commit/c43e06672cd9dacf2122c99f362120a17c34b391"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/janet-lang/janet/issues/1700"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/janet-lang/janet/issues/1702"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/oneafter/0123/blob/main/ja2/repro"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.344981"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.344981"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.754495"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.40.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.40.1"}}], "product": "janet", "vendor": "janet-lang"}], "analysis": {"en": {"generated_at": "2026-04-18T18:16:56.248650+00:00", "value": {"mitigation_remediation": ["Update to the latest Janet release that includes the fix or apply the patch from commit c43e06672cd9dacf2122c99f362120a17c34b391.", "If building from source, rebuild the binary after applying the patch to ensure the corrected code is used.", "Restart any services or applications that invoke the Janet interpreter to load the patched version."], "summary": {"action": "Patch", "impact": "Out-of-Bounds Read"}, "threat_synthesis": {"affected_systems": "All releases of the Janet language interpreter up to version 1.40.1 are affected, including the core library\u2019s specials.c module. The patch identified by commit c43e06672cd9dacf2122c99f362120a17c34b391 resolves this issue. Users should verify that their installed interpreter is not older than 1.40.1 and update accordingly.", "description_and_impact": "A flaw in the janetc_if function of the Janet language interpreter allows a crafted input to trigger an out-of-bounds read. The entry confirms the existence of the read vulnerability but does not detail which data may be exposed; it merely states that a manipulation can lead beyond intended boundaries. Based on the nature of an out-of-bounds read, it is inferred that an attacker could potentially read sensitive memory contents, but this information disclosure is not explicitly documented in the CVE entry.", "risk_and_exploitability": "The CVSS base score of 4.8 indicates moderate severity, while the EPSS score of less than 1% signifies a low probability of exploitation. The vulnerability is only exploitable locally, requiring the attacker to run code on the same system that executes Janet. It is not listed on the CISA KEV catalog, further limiting its exposure. Overall, the risk is moderate but confined to local environments."}}}}, "created": "2026-02-10T11:35:28.972669+00:00", "title": "Janet Interpreter Out-of-Bounds Read in janetc_if", "updated": "2026-04-18T18:30:07.272667+00:00", "vendors": ["janet-lang", "janet-lang$PRODUCT$janet"]}