CVE-2026-24827
Out-of-Bounds Write in Commander-Genius Before Release
Publication date: 2026-01-27
Last updated on: 2026-01-27
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gerstrong | commander-genius | to release (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds write issue in the Commander-Genius project, specifically in cloned Lua source files. It arises from improper handling of stack space during error processing, which was fixed by backporting a critical security patch from the official Lua project. The patch prevents potential exploitation by ensuring safe stack management when errors occur. [1]
How can this vulnerability impact me? :
The vulnerability can lead to an out-of-bounds write, which may cause application crashes or potentially allow an attacker to execute arbitrary code or disrupt the normal operation of the software. This impacts the availability and integrity of the affected system. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the security patch provided in the Commander-Genius project pull request #379, which backports the critical Lua security fix to the cloned Lua source files `GsKit/base/lua/ldebug.c` and `GsKit/base/lua/lvm.c`. This patch addresses the out-of-bounds write vulnerability by improving stack space handling during error processing. Updating your Commander-Genius installation to include this patch or a later release that contains it is the recommended immediate mitigation step. [1]