CVE-2026-2240

CVE-2026-2240

Name

CVE-2026-2240

Description

A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The name of the patch is 4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5. A patch should be applied to remediate this issue.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cna@vuldb.com	https://github.com/janet-lang/janet/
cna@vuldb.com	https://github.com/janet-lang/janet/commit/4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5
cna@vuldb.com	https://github.com/janet-lang/janet/issues/1702
cna@vuldb.com	https://github.com/janet-lang/janet/issues/1702#issuecomment-3790473369
cna@vuldb.com	https://github.com/oneafter/0123/blob/main/ja4/repro
cna@vuldb.com	https://vuldb.com/?ctiid.344979
cna@vuldb.com	https://vuldb.com/?id.344979
cna@vuldb.com	https://vuldb.com/?submit.753155

Type

URI

cna@vuldb.com

https://github.com/janet-lang/janet/

cna@vuldb.com

https://github.com/janet-lang/janet/commit/4dd08a4cdef5b1c42d9a2c19fc24412e97ef51d5

cna@vuldb.com

https://github.com/janet-lang/janet/issues/1702

cna@vuldb.com

https://github.com/janet-lang/janet/issues/1702#issuecomment-3790473369

cna@vuldb.com

https://github.com/oneafter/0123/blob/main/ja4/repro

cna@vuldb.com

https://vuldb.com/?ctiid.344979

cna@vuldb.com

https://vuldb.com/?id.344979

cna@vuldb.com

https://vuldb.com/?submit.753155

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:janet-lang:janet::::::::`	janet	>= None	<= 1.40.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:janet-lang:janet:*:*:*:*:*:*:*:*

janet

>= None

<= 1.40.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
janet	edge-community	1.40.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.40.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.39.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.39.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.38.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.37.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.36.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.22.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	3.23-community	1.40.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

janet

edge-community

1.40.1-r0

Will Sinatra <wpsinatra@gmail.com>

possibly vulnerable

janet

edge-community