PT-2025-12398 · Quickjs+1

Haoxin Tu · Published 2025-03-21 · Updated 2025-03-21 · CVE-2024-13903

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

QuickJS versions up to 0.8.0

Description

A stack-based buffer overflow was found in the `JS_GetRuntime` function of the quickjs.c file in the qjs component. The issue can be exploited remotely, leading to a buffer overflow on the stack. It is classified as problematic. Upgrading to version 0.9.0 addresses the issue.

Recommendations

For QuickJS versions up to 0.8.0, upgrade to version 0.9.0 to address the issue. As a temporary workaround, consider restricting access to the `JS_GetRuntime` function until the patch is applied.

Tags: Exploit, Fix, Memory Corruption, Stack Overflow, Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2024-13903

Affected Products

Debian
Quickjs