CVE-2026-24817

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-24817
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24817.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-24817
Published
2026-01-27T09:15:52.247Z
Modified
2026-03-13T04:10:24.967309Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber CVSS Calculator
Summary
[none]
Details

Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.

This issue affects UEVR: before 1.05.

References

Affected packages

Git / github.com/praydog/UEVR

Affected ranges

Type
GIT
Repo
https://github.com/praydog/UEVR
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1a810f69fe4cab82b352c574763959d4390b84ce
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.05"
        }
    ]
}

Affected versions

1.*
1.0
1.01
1.02
1.03
1.04

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2026-24817-20994b28",
        "target": {
            "file": "lua-api/lib/src/ScriptContext.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "312892543692814921776954288577817648298",
                "47396217611344227271283426539206311635",
                "150787503396620570941209381962416646457",
                "79981182897563887704213221120619060923",
                "275367409753962000637729972485649590557",
                "202664839936022055803655280171210740086",
                "105385815761475094117147550383245447909",
                "301285475895534476966058108554863286777",
                "321906523048421178410954724004431863931",
                "184309246528067729036184709238780710435",
                "185949753380040380980004399407346201193",
                "326788411745635735583482286663976525704",
                "237072619546160956074229702866146629499",
                "193707850202347402890076628680703897656",
                "59991138865232857780907529588978398795",
                "86628096864037125615437956980371970957",
                "268481362697083102605574460294337897882",
                "321846445648654536091696323317941062653",
                "17471863292212087693465056768407991475",
                "32889407753790754453063082317851240205",
                "262510987908002256380026400091047084896"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/praydog/UEVR/commit/1a810f69fe4cab82b352c574763959d4390b84ce"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2026-24817-2fd7b34c",
        "target": {
            "file": "lua-api/lib/src/ScriptContext.cpp",
            "function": "ScriptContext::setup_bindings"
        },
        "digest": {
            "length": 32139.0,
            "function_hash": "216866318178216783764247029443971656225"
        },
        "signature_version": "v1",
        "source": "https://github.com/praydog/UEVR/commit/1a810f69fe4cab82b352c574763959d4390b84ce"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2026-24817-516d43ef",
        "target": {
            "file": "lua-api/lib/include/ScriptUtility.hpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "76689799006253686248220292398518621845",
                "314803333986411688827142784283464790289"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/praydog/UEVR/commit/1a810f69fe4cab82b352c574763959d4390b84ce"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24817.json"