Nixpkgs security tracker

Untriaged

Permalink CVE-2026-3979

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month ago

quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free

A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack requires local access. The exploit has been published and may be used. Patch name: daab4ad4bae4ef071ed0294618d6244e92def4cd. Applying a patch is the recommended action to fix this issue.

References

VDB-350414 | quickjs-ng quickjs quickjs.c js_iterator_concat_return use after free vdb-entrytechnical-description
VDB-350414 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #769600 | quickjs-ng QuickJS 0.12.1 Use-After-Free third-party-advisory
https://github.com/quickjs-ng/quickjs/issues/1368 issue-tracking
https://github.com/quickjs-ng/quickjs/pull/1370 patchissue-tracking
https://github.com/quickjs-ng/quickjs/issues/1368#issue-4004680962 exploitissue-tracking
https://github.com/quickjs-ng/quickjs/commit/daab4ad4bae4ef071ed0294618d6244e92… patch
https://github.com/quickjs-ng/quickjs/ product

Affected products

quickjs

==0.12.1
==0.12.0

Matching in nixpkgs

pkgs.quickjs

Small and embeddable Javascript engine

nixos-unstable 2025-09-13-2
- nixpkgs-unstable 2025-09-13-2
- nixos-unstable-small 2025-09-13-2
nixos-25.11 2025-09-13-2
- nixos-25.11-small 2025-09-13-2
- nixpkgs-25.11-darwin 2025-09-13-2