Bug 2428463 (CVE-2026-0822)

Summary: CVE-2026-0822 quickjs-ng: quickjs-ng: Heap-based buffer overflow in js_typed_array_sort function
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in quickjs-ng. A remote attacker could exploit a heap-based buffer overflow vulnerability by manipulating the `js_typed_array_sort` function in `quickjs.c`. This could lead to information disclosure, denial of service, or potentially arbitrary code execution. An exploit for this vulnerability is publicly available.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2428530, 2428532, 2428534, 2428536, 2428538    
Bug Blocks:    

Description OSIDB Bzimport 2026-01-10 14:01:29 UTC 
A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch.