CVE-2026-2241

Exploit

EPSS 0.17%
Veröffentlicht 09.02.2026 16:02:08
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

janet-lang janet os.c os_strftime out-of-bounds

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is named 0f285855f0e34f9183956be5f16e045f54626bff. To fix this issue, it is recommended to deploy a patch.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 11

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Janet-lang ≫ Janet Version <= 1.40.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
cna@vuldb.com	1.9	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/janet-lang/janet/

Product

https://vuldb.com/?id.344980

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.344980

VDB Entry

Permissions Required

https://vuldb.com/?submit.753156

Third Party Advisory

VDB Entry

https://github.com/janet-lang/janet/issues/1701

Exploit

Issue Tracking

https://github.com/janet-lang/janet/issues/1701#event-4446770461

Exploit

Issue Tracking

https://github.com/oneafter/0123/blob/main/ja3/repro

Exploit

https://github.com/janet-lang/janet/commit/0f285855f0e34f9183956be5f16e045f54626bff

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-2241

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2241

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2241

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2241