- Description
- quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.6
- Impact score
- 3.7
- Exploitability score
- 1.4
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
- Severity
- MEDIUM
- cve@mitre.org
- CWE-770
- Hype score
- Not currently trending
CVE-2025-46687 04/27/2025 08:15:15 PM BaseSeverity: MEDIUM quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. https://t.co/CBBRNpD158
@CVETracker
28 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-46687 quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. https://t.co/Hh0ZkUq9FH
@CVEnew
27 Apr 2025
524 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes