3.3
CVE-2026-10267
- EPSS 0.12%
- Veröffentlicht 01.06.2026 14:45:10
- Zuletzt bearbeitet 01.06.2026 16:41:55
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
janet-lang janet debug.c doframe out-of-bounds
A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named ed17dd2c5913a23fb1107251e44a9410a3c30cf5.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerjanet-lang
≫
Produkt
janet
Version
1.0
Status
affected
Version
1.1
Status
affected
Version
1.2
Status
affected
Version
1.3
Status
affected
Version
1.4
Status
affected
Version
1.5
Status
affected
Version
1.6
Status
affected
Version
1.7
Status
affected
Version
1.8
Status
affected
Version
1.9
Status
affected
Version
1.10
Status
affected
Version
1.11
Status
affected
Version
1.12
Status
affected
Version
1.13
Status
affected
Version
1.14
Status
affected
Version
1.15
Status
affected
Version
1.16
Status
affected
Version
1.17
Status
affected
Version
1.18
Status
affected
Version
1.19
Status
affected
Version
1.20
Status
affected
Version
1.21
Status
affected
Version
1.22
Status
affected
Version
1.23
Status
affected
Version
1.24
Status
affected
Version
1.25
Status
affected
Version
1.26
Status
affected
Version
1.27
Status
affected
Version
1.28
Status
affected
Version
1.29
Status
affected
Version
1.30
Status
affected
Version
1.31
Status
affected
Version
1.32
Status
affected
Version
1.33
Status
affected
Version
1.34
Status
affected
Version
1.35
Status
affected
Version
1.36
Status
affected
Version
1.37
Status
affected
Version
1.38
Status
affected
Version
1.39
Status
affected
Version
1.40
Status
affected
Version
1.41.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.022 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 1.9 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 1.7 | 3.1 | 2.9 |
AV:L/AC:L/Au:S/C:P/I:N/A:N
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://github.com/janet-lang/janet/
https://vuldb.com/vuln/367546
https://vuldb.com/vuln/367546/cti
https://vuldb.com/cve/CVE-2026-10267
https://vuldb.com/submit/825072
https://github.com/janet-lang/janet/issues/1743
https://github.com/janet-lang/janet/issues/1743#issuecomment-4322129448
https://github.com/biniamf/pocs/tree/main/janet-debug-janet-doframe-env-data-oobread
https://github.com/janet-lang/janet/commit/ed17dd2c5913a23fb1107251e44a9410a3c30cf5