Several security issues were fixed in QuickJS.
Software Description:
- quickjs: small and embeddable Javascript engine
Details:
It was discovered that QuickJS could be forced to reference uninitialized
memory in certain instances. An attacker could possibly use this issue to
cause QuickJS to crash, resulting in a denial of service, or execute
arbitrary code. (CVE-2023-48183)
It was discovered that QuickJS incorrectly managed memory in certain
circumstances. An attacker could possibly use this issue to exhaust
system resources, resulting in a denial of service. (CVE-2023-48184)
It was discovered that QuickJS could be forced to crash due to a
failing test. An attacker could possibly use this issue to cause a
denial of service. (CVE-2024-33263)
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS libquickjs 2021.03.27-1ubuntu0.1~esm1 Available with Ubuntu Pro quickjs 2021.03.27-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7439-1
CVE-2023-48183, CVE-2023-48184, CVE-2024-33263
Get the latest Linux and open source security news straight to your inbox.