CVE-2026-3979

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions quickjs-ng quickjs versions through 0.12.1

Description An issue exists in quickjs-ng quickjs up to version 0.12.1, specifically within the js iterator concat return function located in the quickjs.c file. This manipulation leads to a use-after-free condition. Exploitation requires local access. The exploit has been published and is potentially available for use. The vulnerable function is js iterator concat return.

Recommendations quickjs-ng quickjs versions through 0.12.1: Apply the patch daab4ad4bae4ef071ed0294618d6244e92def4cd to resolve this issue.

Exploit

Fix

Buffer Overflow

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-416

Related Identifiers

CVE-2026-3979

Affected Products

Quickjs

CVE-2026-3979

Weakness Enumeration

Related Identifiers

Affected Products

References · 18