CVE-2026-3384

EPSS 0.16%
Veröffentlicht 01.03.2026 08:15:57
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

ChaiScript chaiscript_eval.hpp Function_Push_Pop recursion

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chaiscript ≫ Chaiscript Version <= 6.1.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.057

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com	1.9	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://github.com/ChaiScript/ChaiScript/

Product

https://github.com/ChaiScript/ChaiScript/issues/633

Issue Tracking

https://github.com/ChaiScript/ChaiScript/issues/633#issue-3828176056

Issue Tracking

https://vuldb.com/?ctiid.348270

VDB Entry

Permissions Required

https://vuldb.com/?id.348270

Third Party Advisory

VDB Entry

https://vuldb.com/?submit.761303

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2026-3384

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3384

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3384

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3384