CVE-2026-0822
quickjs-ng quickjs quickjs.c js_typed_array_sort heap-based overflow
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch.
| CWE | CWE-122 CWE-119 |
| Vendor | quickjs-ng |
| Product | quickjs |
| Published | Jan 10, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for quickjs-ng quickjs
Be the first to know when new medium vulnerabilities affecting quickjs-ng quickjs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
quickjs-ng / quickjs
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 0.10 0.11.0
References
vuldb.com: https://vuldb.com/?id.340356 vuldb.com: https://vuldb.com/?ctiid.340356 vuldb.com: https://vuldb.com/?submit.731783 github.com: https://github.com/quickjs-ng/quickjs/issues/1297 github.com: https://github.com/quickjs-ng/quickjs/pull/1298 github.com: https://github.com/quickjs-ng/quickjs/issues/1297#issue-3780006202 github.com: https://github.com/quickjs-ng/quickjs/commit/53eefbcd695165a3bd8c584813b472cb4a69fbf5 github.com: https://github.com/quickjs-ng/quickjs/
Credits
๐ mcsky23 (VulDB User)