CVE-2025-69654

{"id": "CVE-2025-69654", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2026-03-06T20:16:11.900", "references": [{"url": "https://github.com/bellard/quickjs/issues/468", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/bellard/quickjs/issues/468", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11),`qjs` interpreter using the `-m` option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime (list_empty(&rt->gc_obj_list)) during runtime cleanup. Although the engine reports an OOM error, it subsequently aborts with SIGABRT because the GC object list is not fully released. This results in a denial of service."}, {"lang": "es", "value": "Una entrada JavaScript manipulada, ejecutada con la versi\u00f3n QuickJS 2025-09-13, corregida en el commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 (2025-12-11), el int\u00e9rprete 'qjs' utilizando la opci\u00f3n '-m' y un l\u00edmite de memoria bajo, puede causar una condici\u00f3n de agotamiento de memoria seguida de un fallo de aserci\u00f3n en JS_FreeRuntime (list_empty(&rt->gc_obj_list)) durante la limpieza del tiempo de ejecuci\u00f3n. Aunque el motor informa un error OOM, posteriormente aborta con SIGABRT porque la lista de objetos GC no se libera completamente. Esto resulta en una denegaci\u00f3n de servicio."}], "lastModified": "2026-06-02T18:40:28.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:quickjs_project:quickjs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "206BB3B5-1E49-46EC-9B94-8072C2907C39", "versionEndExcluding": "2025-12-11", "versionStartIncluding": "2025-09-13"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}