3.3
CVE-2026-10268
- EPSS 0.12%
- Veröffentlicht 01.06.2026 17:16:42
- Zuletzt bearbeitet 01.06.2026 17:57:16
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
janet-lang janet marsh.c unmarshal_one_fiber integer overflow
A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d9b1d711ea1fde52ac73a82088b512a3e17bad0d. A patch should be applied to remediate this issue.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerjanet-lang
≫
Produkt
janet
Version
1.0
Status
affected
Version
1.1
Status
affected
Version
1.2
Status
affected
Version
1.3
Status
affected
Version
1.4
Status
affected
Version
1.5
Status
affected
Version
1.6
Status
affected
Version
1.7
Status
affected
Version
1.8
Status
affected
Version
1.9
Status
affected
Version
1.10
Status
affected
Version
1.11
Status
affected
Version
1.12
Status
affected
Version
1.13
Status
affected
Version
1.14
Status
affected
Version
1.15
Status
affected
Version
1.16
Status
affected
Version
1.17
Status
affected
Version
1.18
Status
affected
Version
1.19
Status
affected
Version
1.20
Status
affected
Version
1.21
Status
affected
Version
1.22
Status
affected
Version
1.23
Status
affected
Version
1.24
Status
affected
Version
1.25
Status
affected
Version
1.26
Status
affected
Version
1.27
Status
affected
Version
1.28
Status
affected
Version
1.29
Status
affected
Version
1.30
Status
affected
Version
1.31
Status
affected
Version
1.32
Status
affected
Version
1.33
Status
affected
Version
1.34
Status
affected
Version
1.35
Status
affected
Version
1.36
Status
affected
Version
1.37
Status
affected
Version
1.38
Status
affected
Version
1.39
Status
affected
Version
1.40
Status
affected
Version
1.41.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.022 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 1.9 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 1.7 | 3.1 | 2.9 |
AV:L/AC:L/Au:S/C:N/I:N/A:P
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://github.com/janet-lang/janet/
https://github.com/biniamf/pocs/tree/main/janet-marsh-unmarshal-intovf
https://github.com/janet-lang/janet/commit/d9b1d711ea1fde52ac73a82088b512a3e17bad0d
https://github.com/janet-lang/janet/issues/1744
https://vuldb.com/cve/CVE-2026-10268
https://vuldb.com/submit/825075
https://vuldb.com/vuln/367547
https://vuldb.com/vuln/367547/cti