Nixpkgs security tracker

Untriaged

Permalink CVE-2026-2869

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 2 months ago Activity log

Created suggestion 2 months ago

janet-lang janet handleattr specials.c janetc_varset out-of-bounds

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded.

References

VDB-347106 | janet-lang janet handleattr specials.c janetc_varset out-of-bounds vdb-entrytechnical-description
VDB-347106 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #754589 | janet-lang janet 4dd08a4 Heap-based Buffer Overflow third-party-advisory
https://github.com/janet-lang/janet/issues/1699 issue-tracking
https://github.com/oneafter/0123/blob/main/ja1/repro exploit
https://github.com/janet-lang/janet/commit/2fabc80151a2b8834ee59cda8a70453f848b… patch
https://github.com/janet-lang/janet/releases/tag/v1.41.0 patch
https://github.com/janet-lang/janet/ product

Affected products

janet

==1.40.0
==1.41.0
==1.40.1

Matching in nixpkgs

pkgs.janet

Janet programming language

nixos-unstable 1.40.1
- nixpkgs-unstable 1.40.1
- nixos-unstable-small 1.40.1
nixos-25.11 1.39.1
- nixos-25.11-small 1.39.1
- nixpkgs-25.11-darwin 1.39.1

pkgs.vscode-extensions.janet-lang.vscode-janet

Janet language support for Visual Studio Code

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.tree-sitter-grammars.tree-sitter-janet-simple

None

nixos-unstable 0.0.7-unstable-2025-05-19
- nixpkgs-unstable 0.0.7-unstable-2025-05-19
- nixos-unstable-small 0.0.7-unstable-2025-05-19
nixos-25.11 0.25.10
- nixos-25.11-small 0.25.10
- nixpkgs-25.11-darwin 0.25.10

pkgs.vimPlugins.nvim-treesitter-parsers.janet_simple

None

nixos-unstable 0.0.0+rev=d183186
- nixpkgs-unstable 0.0.0+rev=d183186
- nixos-unstable-small 0.0.0+rev=d183186
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin