Submit #833814: Duktape https://github.com/svaarala/duktape <=2.99.99 Memory Corruptioninfo

TitleDuktape https://github.com/svaarala/duktape <=2.99.99 Memory Corruption
DescriptionDuktape's bytecode loader (`duk_api_bytecode.c`) uses the `DUK_ASSERT` macro for bounds checking. In Release builds, `DUK_ASSERT` is defined as a no-op, so the bounds check is completely removed. By crafting bytecode with an inflated `count_instr` field and a truncated buffer ending at the instruction data boundary, the loader reads 4 bytes past the heap allocation, which are then interpreted as bytecode instructions.
Source⚠️ https://github.com/hmKunlun/compileOOB/blob/main/api_bytecode.md
User
 kunlun (UID 95866)
Submission05/20/2026 06:20 (2 months ago)
Moderation06/14/2026 15:43 (25 days later)
StatusAccepted
VulDB entry370859 [svaarala duktape up to 2.99.99 duk_api_bytecode.c count_instr memory corruption]
Points20

Do you need the next level of professionalism?

Upgrade your account now!