CVE-2026-3382

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-3382
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3382.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3382
Published
2026-03-01T06:15:58.750Z
Modified
2026-04-10T05:42:56.272467Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::BoxedNumber::getas of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

References

Affected packages

Git / github.com/chaiscript/chaiscript

Affected ranges

Type
GIT
Repo
https://github.com/chaiscript/chaiscript
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ac0d7ce94925f8eac367533b276d9d7db13a77ae
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.1.0"
        }
    ]
}

Affected versions

Release-1.*
Release-1.0.0
Release-1.1.0
Release-1.2.0
Release-1.3.0
Release-2.*
Release-2.0.0
Release-2.1.0
Release-2.2.0
Release-2.3.0
Release-2.3.1
Release-2.3.2
Release-2.3.3
Release-3.*
Release-3.0.0
Release-4.*
Release-4.0.0
Release-4.1.0
Release-4.1.1
Release-4.2.0
Release-4.3.0
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.3.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v3.*
v3.0.0
v4.*
v4.0.0
v4.1.0
v4.1.1
v4.2.0
v4.3.0
v5.*
v5.3.1
v5.6.0
v5.7.0
v6.*
v6.0.0
v6.1.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3382.json"