CVE-2023-48184

QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.9 LOW
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CISA-ADPADP
3.9 LOW
ADJACENT_NETWORK
HIGH
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Debian logo
Debian Releases
Debian Product
Codename
quickjs
sid
2024.01.13-5
fixed
trixie
2024.01.13-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
quickjs
oracular
not-affected
noble
needs-triage
mantic
ignored
jammy
dne
focal
dne
Common Weakness Enumeration
References
https://github.com/bellard/quickjs/issues/198
https://github.com/bellard/quickjs/issues/198