CVE-2026-24820
Out-of-Bounds Read in WickedEngine ldebug.C Module
Publication date: 2026-01-27
Last updated on: 2026-01-27
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| turanszkij | wickedengine | up to 0.71.705 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read in WickedEngine's Lua modules, specifically in the program file ldebug.C. It affects versions of WickedEngine before 0.71.705. An out-of-bounds read means the software reads data outside the intended memory boundaries, which can cause unexpected behavior or crashes.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized reading of memory, potentially causing application crashes or exposing sensitive data. Given the CVSS score of 5.1, it is considered a medium severity issue that requires low privileges and user interaction to exploit. The impact could include denial of service or information disclosure depending on how the out-of-bounds read is leveraged.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update WickedEngine to version 0.71.705 or later, where the out-of-bounds read issue in the ldebug.C module has been addressed. Applying the latest patches or updates from the official WickedEngine repository is recommended to ensure the vulnerability is fixed.