OSV-2024-389

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/quickjs/OSV-2024-389.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-389
Published
2024-04-30T00:14:11.245997Z
Modified
2024-04-30T00:14:11.246314Z
Summary
Heap-buffer-overflow in JS_CallInternal
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67611

Crash type: Heap-buffer-overflow READ 1
Crash state:
JS_CallInternal
async_func_resume
js_async_function_resume
References

Affected packages

OSS-Fuzz / quickjs

Package

Name
quickjs
Purl
pkg:generic/quickjs

Affected ranges

Type
GIT
Repo
https://github.com/bellard/quickjs
Events
Introduced
bd0b7048de817045a5396fbfee893687521f16de
Fixed
d378a9f3a583cb787c390456e27276d0ee377d23

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "introduced_range": "3ab1c2b3148d1c70181607002aac23ecdd2ad482:3c2cfabfc74e8af1f21db93884ed1ad9b6388a8c",
    "fixed_range": "db9dbd0a2b6d115c9ef3c0dc37e0c669ef4844e4:d378a9f3a583cb787c390456e27276d0ee377d23"
}