Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-13903

Good to know:

icon

Date: March 21, 2025

A vulnerability was found in quickjs-ng QuickJS up to 0.8.0. It has been declared as problematic. Affected by this vulnerability is the function JS_GetRuntime of the file quickjs.c of the component qjs. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The patch is named 99c02eb45170775a9a679c32b45dd4000ea67aff. It is recommended to upgrade the affected component.

Severity Score

Related Resources (9)

https://github.com/quickjs-ng/quickjs/releases/tag/v0.9.0
https://github.com/quickjs-ng/quickjs/commit/99c02eb45170775a9a679c32b45dd4000ea67aff
https://nvd.nist.gov/vuln/detail/CVE-2024-13903
https://vuldb.com/?id.300571
https://vuldb.com/?submit.517394
https://security-tracker.debian.org/tracker/CVE-2024-13903
https://github.com/quickjs-ng/quickjs/issues/775
https://vuldb.com/?ctiid.300571
https://www.mend.io/vulnerability-database/CVE-2024-13903

Severity Score

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

Out-of-bounds Write

CWE-787

Stack-based Buffer Overflow

CWE-121

Top Fix

icon

Upgrade Version

Upgrade to version https://github.com/quickjs-ng/quickjs.git - v0.9.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us