ByteOS Network

CVE Vulnerability Details :

CVE-2026-0821

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-10 Jan, 2026 | 13:02

Updated At-23 Feb, 2026 | 08:27

▼CVE Numbering Authority (CNA)

quickjs-ng quickjs quickjs.c js_typed_array_constructor heap-based overflow

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.

Affected Products

Vendor

quickjs-ng

Product

quickjs

Versions

Affected

0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
0.10
0.11.0

Problem Types

Type	CWE ID	Description
CWE	CWE-122	Heap-based Buffer Overflow
CWE	CWE-119	Memory Corruption

Type: CWE

CWE ID: CWE-122

Description: Heap-based Buffer Overflow

Type: CWE

CWE ID: CWE-119

Description: Memory Corruption

Metrics

Version	Base score	Base severity	Vector
4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
3.1	7.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
3.0	7.3	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
2.0	7.5	N/A	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Version: 3.0

Base score: 7.3

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Version: 2.0

Base score: 7.5

Base severity: N/A

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C

Credits

reporter

mcsky23 (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-01-09 00:00:00
VulDB entry created	2026-01-09 01:00:00
VulDB entry last update	2026-01-16 01:25:36

Event: Advisory disclosed

Date: 2026-01-09 00:00:00

Event: VulDB entry created

Date: 2026-01-09 01:00:00

Event: VulDB entry last update

Date: 2026-01-16 01:25:36

References

Hyperlink	Resource
https://vuldb.com/?id.340355	vdb-entry technical-description
https://vuldb.com/?ctiid.340355	signature permissions-required
https://vuldb.com/?submit.731780	third-party-advisory
https://github.com/quickjs-ng/quickjs/issues/1296	issue-tracking
https://github.com/quickjs-ng/quickjs/pull/1299	issue-tracking
https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395	exploit issue-tracking
https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5	patch
https://github.com/quickjs-ng/quickjs/	product

Hyperlink: https://vuldb.com/?id.340355

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.340355

Resource:

signature

permissions-required

Hyperlink: https://vuldb.com/?submit.731780

Resource:

third-party-advisory

Hyperlink: https://github.com/quickjs-ng/quickjs/issues/1296

Resource:

issue-tracking

Hyperlink: https://github.com/quickjs-ng/quickjs/pull/1299

Resource:

issue-tracking

Hyperlink: https://github.com/quickjs-ng/quickjs/issues/1296#issue-3780003395

Resource:

exploit

issue-tracking

Hyperlink: https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5

Resource:

patch

Hyperlink: https://github.com/quickjs-ng/quickjs/

Resource:

product

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References