Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use-after-free in js_print_object in QuickJS
Vulnerability Description
In quickjs, in js_print_object, when printing an array, the function first fetches the array length and then loops over it. The issue is, printing a value is not side-effect free. An attacker-defined callback could run during js_print_value, during which the array could get resized and len1 become out of bounds. This results in a use-after-free.A second instance occurs in the same function during printing of a map or set objects. The code iterates over ms->records list, but once again, elements could be removed from the list during js_print_value call.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
QuickJS 安全漏洞
Vulnerability Description
QuickJS是QuickJS开源的一个小型且可嵌入的 Javascript 引擎。 QuickJS存在安全漏洞,该漏洞源于js_print_object函数在打印数组和集合对象时未正确处理回调期间的数组大小变化,可能导致释放后重用。
CVSS Information
N/A
Vulnerability Type
N/A