CVE-2026-2241

CVE-2026-2241

Name

CVE-2026-2241

Description

A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is named 0f285855f0e34f9183956be5f16e045f54626bff. To fix this issue, it is recommended to deploy a patch.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cna@vuldb.com	https://github.com/janet-lang/janet/
cna@vuldb.com	https://github.com/janet-lang/janet/commit/0f285855f0e34f9183956be5f16e045f54626bff
cna@vuldb.com	https://github.com/janet-lang/janet/issues/1701
cna@vuldb.com	https://github.com/janet-lang/janet/issues/1701#event-4446770461
cna@vuldb.com	https://github.com/oneafter/0123/blob/main/ja3/repro
cna@vuldb.com	https://vuldb.com/?ctiid.344980
cna@vuldb.com	https://vuldb.com/?id.344980
cna@vuldb.com	https://vuldb.com/?submit.753156

Type

URI

cna@vuldb.com

https://github.com/janet-lang/janet/

cna@vuldb.com

https://github.com/janet-lang/janet/commit/0f285855f0e34f9183956be5f16e045f54626bff

cna@vuldb.com

https://github.com/janet-lang/janet/issues/1701

cna@vuldb.com

https://github.com/janet-lang/janet/issues/1701#event-4446770461

cna@vuldb.com

https://github.com/oneafter/0123/blob/main/ja3/repro

cna@vuldb.com

https://vuldb.com/?ctiid.344980

cna@vuldb.com

https://vuldb.com/?id.344980

cna@vuldb.com

https://vuldb.com/?submit.753156

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:janet-lang:janet::::::::`	janet	>= None	<= 1.40.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:janet-lang:janet:*:*:*:*:*:*:*:*

janet

>= None

<= 1.40.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
janet	edge-community	1.40.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.40.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.39.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.39.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.38.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.37.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.36.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.22.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	3.23-community	1.40.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

janet

edge-community

1.40.1-r0

Will Sinatra <wpsinatra@gmail.com>

possibly vulnerable

janet

edge-community