Base Score

LOW3.9

CVE-2023-48184

QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.

VectorADJACENT_NETWORK

Published Bycve@mitre.org

Published DateApr 23, 2024, 07:15

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

3.9

Vector String

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

https://github.com/bellard/quickjs/issues/198

Base Score

LOW3.9

Weakness Type (CWE):CWE-416

CVSS Metrics

Base Score

3.9

Vector String

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Base Severity

LOW

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW