CVE-2026-3384

LOW

ChaiScript <6.1.0 - DoS

Title source: llm

Description

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript/language/chaiscript_eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References (6)

[Various Sources] https://github.com/ChaiScript/ChaiScript/

View Writeup ZIP pw:eip

[Issue Tracking] https://github.com/ChaiScript/ChaiScript/issues/633

[Issue Tracking] https://github.com/ChaiScript/ChaiScript/issues/633#issue-3828176056

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.348270

[Permissions Required, VDB Entry] https://vuldb.com/?id.348270

[Permissions Required, VDB Entry] https://vuldb.com/?submit.761303

Scores

CVSS v3 3.3

EPSS 0.0001

EPSS Percentile 1.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-404 CWE-674

Status published

Affected Products (1)

chaiscript/chaiscript < 6.1.0

Timeline

Published Mar 01, 2026

Tracked Since Mar 01, 2026