CVE-2023-48184

Published: 23 April 2024

QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.

Priority

Package	Release	Status
quickjs Launchpad, Ubuntu, Debian	focal	Does not exist
	jammy	Does not exist
	mantic	Needs triage
	noble	Needs triage
	upstream	Released (2024.01.13-1)

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.