CVE-2023-48183

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-48183
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48183.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-48183
Downstream
Published
2024-04-23T07:15:42Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

QuickJS before c4cdd61 has a buildforin_iterator NULL pointer dereference because of an erroneous lexical scope of "this" with eval.

References

Affected packages

Git / github.com/bellard/quickjs

Affected ranges

Type
GIT
Repo
https://github.com/bellard/quickjs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c4cdd61a3ed284cd760faf6b00bbf0cb908da077

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "42007593266370404879084930025077820112",
                    "299597447512767660216874378344764730014",
                    "233806775737187164580915928979697167148",
                    "107167455188985300678385180331203817084",
                    "263803685056712897898572957180104968343",
                    "324365029968400815818554406173475248198",
                    "44825028030228494228491351955596774426",
                    "75973796478338464902696915704258062968",
                    "64466302426090622137789728658953021971",
                    "121485368169762966972728308262339095255",
                    "317524613325483236599304660056780191923",
                    "143383360155053585162644688838381854349",
                    "219703297027972159332678681864696161018",
                    "340031247256921536019366846181427539922",
                    "21964757908801601201490250480208408362",
                    "198899508038259866461924372858485712233",
                    "143383360155053585162644688838381854349",
                    "219703297027972159332678681864696161018",
                    "164281187749366657034136930209410804662"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/bellard/quickjs/commit/c4cdd61a3ed284cd760faf6b00bbf0cb908da077",
            "target": {
                "file": "quickjs.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2023-48183-37b5893b"
        },
        {
            "digest": {
                "function_hash": "286910144853948451904573590968898786215",
                "length": 3516.0
            },
            "signature_type": "Function",
            "source": "https://github.com/bellard/quickjs/commit/c4cdd61a3ed284cd760faf6b00bbf0cb908da077",
            "target": {
                "file": "quickjs.c",
                "function": "add_eval_variables"
            },
            "signature_version": "v1",
            "deprecated": false,
            "id": "CVE-2023-48183-6ad5e526"
        }
    ]
}