CVE-2026-2869

CVE-2026-2869

Name

CVE-2026-2869

Description

A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. Upgrading to version 1.41.0 addresses this issue. The identifier of the patch is 2fabc80151a2b8834ee59cda8a70453f848b40e5. The affected component should be upgraded.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cna@vuldb.com	https://github.com/janet-lang/janet/
cna@vuldb.com	https://github.com/janet-lang/janet/commit/2fabc80151a2b8834ee59cda8a70453f848b40e5
cna@vuldb.com	https://github.com/janet-lang/janet/issues/1699
cna@vuldb.com	https://github.com/janet-lang/janet/releases/tag/v1.41.0
cna@vuldb.com	https://github.com/oneafter/0123/blob/main/ja1/repro
cna@vuldb.com	https://vuldb.com/?ctiid.347106
cna@vuldb.com	https://vuldb.com/?id.347106
cna@vuldb.com	https://vuldb.com/?submit.754589

Type

URI

cna@vuldb.com

https://github.com/janet-lang/janet/

cna@vuldb.com

https://github.com/janet-lang/janet/commit/2fabc80151a2b8834ee59cda8a70453f848b40e5

cna@vuldb.com

https://github.com/janet-lang/janet/issues/1699

cna@vuldb.com

https://github.com/janet-lang/janet/releases/tag/v1.41.0

cna@vuldb.com

https://github.com/oneafter/0123/blob/main/ja1/repro

cna@vuldb.com

https://vuldb.com/?ctiid.347106

cna@vuldb.com

https://vuldb.com/?id.347106

cna@vuldb.com

https://vuldb.com/?submit.754589

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:janet-lang:janet::::::::`	janet	>= None	<= 1.40.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:janet-lang:janet:*:*:*:*:*:*:*:*

janet

>= None

<= 1.40.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
janet	edge-community	1.40.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.40.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.39.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.39.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.38.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.37.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.36.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	edge-community	1.22.0-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable
janet	3.23-community	1.40.1-r0	Will Sinatra <wpsinatra@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

janet

edge-community

1.40.1-r0

Will Sinatra <wpsinatra@gmail.com>

possibly vulnerable

janet

edge-community