Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-1145

6.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months, 4 weeks ago

quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow

A flaw has been found in quickjs-ng quickjs up to 0.11.0. Affected by this vulnerability is the function js_typed_array_constructor_ta of the file quickjs.c. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 53aebe66170d545bb6265906fe4324e4477de8b4. It is suggested to install a patch to address this issue.

References

VDB-341738 | quickjs-ng quickjs quickjs.c js_typed_array_constructor_ta heap-based overflow vdb-entrytechnical-description
VDB-341738 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #735539 | quickjs-ng quickjs v0.11.0 Heap-based Buffer Overflow third-party-advisory
https://github.com/quickjs-ng/quickjs/issues/1305 issue-tracking
https://github.com/quickjs-ng/quickjs/pull/1306 issue-tracking
https://github.com/quickjs-ng/quickjs/issues/1305#issue-3785444372 exploitissue-tracking
https://github.com/paralin/quickjs/commit/53aebe66170d545bb6265906fe4324e4477de… patch

Affected products

quickjs

==0.9
==0.7
==0.11.0
==0.3
==0.1
==0.4
==0.10
==0.6
==0.5
==0.8
==0.2

Matching in nixpkgs

pkgs.quickjs

Small and embeddable Javascript engine

nixos-unstable 2025-04-26
- nixpkgs-unstable 2025-04-26
- nixos-unstable-small 2025-04-26
nixos-25.11 2025-09-13-2
- nixpkgs-25.11-darwin 2025-09-13-2

pkgs.quickjs-ng

Mighty JavaScript engine

nixos-unstable 0.10.1
- nixpkgs-unstable 0.10.1
- nixos-unstable-small 0.10.1
nixos-25.11 0.11.0
- nixpkgs-25.11-darwin 0.11.0

pkgs.python312Packages.quickjs

Python wrapper around the quickjs C library

nixos-unstable 1.19.4
- nixpkgs-unstable 1.19.4
- nixos-unstable-small 1.19.4
nixos-25.11 1.19.4
- nixpkgs-25.11-darwin 1.19.4

pkgs.python313Packages.quickjs

Python wrapper around the quickjs C library

nixos-unstable 1.19.4
- nixpkgs-unstable 1.19.4
- nixos-unstable-small 1.19.4
nixos-25.11 1.19.4
- nixpkgs-25.11-darwin 1.19.4

pkgs.python312Packages.llm-tools-quickjs

JavaScript execution as a tool for LLM

nixos-unstable 0.1
- nixpkgs-unstable 0.1
- nixos-unstable-small 0.1
nixos-25.11 0.1
- nixpkgs-25.11-darwin 0.1

pkgs.python313Packages.llm-tools-quickjs

JavaScript execution as a tool for LLM

nixos-unstable 0.1
- nixpkgs-unstable 0.1
- nixos-unstable-small 0.1
nixos-25.11 0.1
- nixpkgs-25.11-darwin 0.1

Package maintainers

@philiptaron Philip Taron <philip.taron@gmail.com>
@stesie Stefan Siegl <stesie@brokenpipe.de>