Untriaged
Permalink
CVE-2026-2657
3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
wren-lang wren Error Message wren_compiler.c printError stack-based overflow
A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
References
- Submit #752791 | wren-lang wren main branch Stack-based Buffer Overflow third-party-advisory
- https://github.com/wren-lang/wren/issues/1221 issue-tracking
- https://github.com/oneafter/0122/blob/main/i1221/repro exploit
- https://github.com/wren-lang/wren/ product
- VDB-346455 | wren-lang wren Error Message wren_compiler.c printError stack-based overflow vdb-entry technical-description
- VDB-346455 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Affected products
wren
- ==0.3
- ==0.1
- ==0.4.0
- ==0.2
Matching in nixpkgs
pkgs.fairywren
FairyWren Icon Set
-
nixos-unstable 0-unstable-2026-02-08
- nixpkgs-unstable 0-unstable-2026-02-08
- nixos-unstable-small 0-unstable-2026-02-08
-
nixos-25.11 0-unstable-2024-06-10
- nixos-25.11-small 0-unstable-2024-06-10
- nixpkgs-25.11-darwin 0-unstable-2024-06-10
pkgs.tree-sitter-grammars.tree-sitter-wren
Tree-sitter grammar for wren
-
nixos-unstable -
- nixos-unstable-small 0-unstable-2024-01-01
pkgs.python313Packages.tree-sitter-grammars.tree-sitter-wren
Python bindings for tree-sitter-wren
-
nixos-unstable -
- nixos-unstable-small 0+unstable20240101
pkgs.python314Packages.tree-sitter-grammars.tree-sitter-wren
Python bindings for tree-sitter-wren
-
nixos-unstable -
- nixos-unstable-small 0+unstable20240101
Package maintainers
-
@D3vil0p3r Antonio Voza <vozaanthony@gmail.com>
-
@adfaure Adrien Faure <adfaure@pm.me>
-
@stepbrobd Yifei Sun <ysun@hey.com>
-
@mightyiam Shahar "Dawn" Or <mightyiampresence@gmail.com>
-
@A-jay98 Ali Jamadi <ali@jamadi.me>
-
@aciceri Andrea Ciceri <andrea.ciceri@autistici.org>