Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-3386
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated 2 weeks, 6 days ago by @LeSuisse Activity log
  • Created automatic suggestion 3 weeks ago
  • @LeSuisse removed
    4 packages
    • fairywren
    • tree-sitter-grammars.tree-sitter-wren
    • python313Packages.tree-sitter-grammars.tree-sitter-wren
    • python314Packages.tree-sitter-grammars.tree-sitter-wren
    2 weeks, 6 days ago
  • @LeSuisse dismissed 2 weeks, 6 days ago
wren-lang wren wren_compiler.c emitOp out-of-bounds

A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected products

wren
  • ==0.3
  • ==0.2
  • ==0.1
  • ==0.4.0
Ignored packages (4) 
Not present in nixpkgs