CVE-2026-2869
Out-of-Bounds Read in janet-lang janetc_varset Function
Publication date: 2026-02-21
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| janet-lang | janet | to 1.40.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2026-2869 is a vulnerability in the janet-lang janet programming language affecting versions up to 1.40.1. It occurs in the function janetc_varset within the file src/core/specials.c, specifically in the handleattr handler component.
The vulnerability is an out-of-bounds read (CWE-125), where the program reads data beyond the allocated buffer boundaries, caused by an off-by-one error accessing an element just beyond the end of a tuple during compilation of malformed definition attributes.
This flaw can be exploited locally (no remote exploitation) and is considered easy to exploit, with a public proof-of-concept available. The issue primarily affects system availability by potentially causing crashes or undefined behavior.
The vulnerability is fixed by upgrading janet to version 1.41.0, which includes a patch that corrects the boundary checks to prevent out-of-bounds access.
How can this vulnerability impact me? :
This vulnerability can impact you by causing system instability or crashes due to out-of-bounds reads during the compilation phase of janet programs.
Since the vulnerability affects availability, it may lead to denial of service conditions in environments where janet-lang janet is used.
Exploitation requires local access and no authentication, so an attacker with local privileges could trigger this issue to disrupt system operations.
Upgrading to janet version 1.41.0 or applying the provided patch mitigates this risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is a local out-of-bounds read in the janet-lang janet programming language, specifically in the function janetc_varset within src/core/specials.c. Detection involves identifying if the vulnerable janet version (up to 1.40.1) is installed and if the vulnerable function is being triggered by malformed input during compilation.'}, {'type': 'paragraph', 'content': 'Since the exploit requires local access and occurs during compilation, network detection is not applicable. Detection can be performed by running a test harness or crafted input that triggers the vulnerability and monitoring for crashes or AddressSanitizer (ASan) reports indicating heap-buffer-overflow in handleattr.'}, {'type': 'paragraph', 'content': 'Suggested commands include building janet with AddressSanitizer enabled and running a reproducer harness with crafted input to trigger the vulnerability. For example:'}, {'type': 'list_item', 'content': 'Build janet with ASan enabled (Linux x86_64, Clang): `make ASAN=1` or equivalent build commands.'}, {'type': 'list_item', 'content': "Run the reproducer harness with a crafted input file that triggers the overflow: `./janet -e 'dostring <crafted_input.janet>'` or using the provided minimal reproducer."}, {'type': 'paragraph', 'content': 'Monitoring system logs or ASan output for heap-buffer-overflow errors at src/core/specials.c:311 can confirm the presence of the vulnerability.'}] [3, 5]
What immediate steps should I take to mitigate this vulnerability?
The primary and immediate mitigation step is to upgrade the janet-lang janet programming language to version 1.41.0 or later, which includes a patch that fixes this vulnerability.
The patch (commit ID: 2fabc80151a2b8834ee59cda8a70453f848b40e5) improves error handling in the handleattr function to prevent out-of-bounds reads.
If upgrading is not immediately possible, avoid running untrusted or malformed janet code locally, as the exploit requires local access and malformed input to trigger the vulnerability.
Additionally, consider applying the patch manually if you maintain a custom build, and monitor for any unusual crashes or behavior related to janet compilation.