Untriaged
Permalink
CVE-2026-2241
3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Activity log
- Created suggestion
janet-lang janet os.c os_strftime out-of-bounds
A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is named 0f285855f0e34f9183956be5f16e045f54626bff. To fix this issue, it is recommended to deploy a patch.
References
-
-
-
Submit #753156 | janet-lang janet c43e066 Heap-based Buffer Overflow third-party-advisory
-
https://github.com/janet-lang/janet/issues/1701 issue-tracking
Affected products
janet
- ==1.40.0
- ==1.40.1
Matching in nixpkgs
pkgs.janet
Janet programming language
pkgs.vscode-extensions.janet-lang.vscode-janet
Janet language support for Visual Studio Code
-
nixos-unstable 0.25.6
- nixpkgs-unstable 0.0.7-unstable-2025-05-19
- nixos-unstable-small 0.0.7-unstable-2025-05-19
-
nixos-unstable -
- nixpkgs-unstable 0.0.0+rev=7e28cbf
- nixos-unstable-small 0.0.0+rev=7e28cbf
pkgs.python312Packages.tree-sitter-grammars.tree-sitter-janet-simple
Python bindings for tree-sitter-janet-simple
-
nixos-unstable 0.25.6
pkgs.python313Packages.tree-sitter-grammars.tree-sitter-janet-simple
Python bindings for tree-sitter-janet-simple
-
nixos-unstable 0.25.6
- nixpkgs-unstable 0.0.7+unstable20250519
- nixos-unstable-small 0.0.7+unstable20250519
pkgs.python314Packages.tree-sitter-grammars.tree-sitter-janet-simple
Python bindings for tree-sitter-janet-simple
-
nixos-unstable -
- nixpkgs-unstable 0.0.7+unstable20250519
- nixos-unstable-small 0.0.7+unstable20250519
Package maintainers
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@andrewchambers Andrew Chambers <ac@acha.ninja>
-
@stepbrobd Yifei Sun <ysun@hey.com>
-
@mightyiam Shahar "Dawn" Or <mightyiampresence@gmail.com>
-
@adfaure Adrien Faure <adfaure@pm.me>
-
@A-jay98 Ali Jamadi <ali@jamadi.me>
-
@wackbyte wackbyte <wackbyte@pm.me>