CVE-2026-3384

EPSS 0.01%
Veröffentlicht 01.03.2026 08:15:57
Zuletzt bearbeitet 02.03.2026 20:30:10
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt ChaiScript

Version 6.0

Status affected

Version 6.1.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.02

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

https://github.com/ChaiScript/ChaiScript/

https://github.com/ChaiScript/ChaiScript/issues/633

https://github.com/ChaiScript/ChaiScript/issues/633#issue-3828176056

https://vuldb.com/?ctiid.348270

https://vuldb.com/?id.348270

https://vuldb.com/?submit.761303

https://nvd.nist.gov/vuln/detail/CVE-2026-3384

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3384

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3384

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3384