CVE-2026-3382
Received Received - Intake
Memory Corruption in ChaiScript Boxed_Number::get_as Function

Publication date: 2026-03-01

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-01
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3382
EUVD
EUVD-2026-9117
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
chaiscript chaiscript to 6.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-3382 is a memory corruption vulnerability in ChaiScript versions up to 6.1.0, specifically in the function chaiscript::Boxed_Number::get_as located in the file include/chaiscript/dispatchkit/boxed_number.hpp.

The issue arises from improper handling of memory buffers and the lifetime of Boxed_Value objects across threads, leading to invalid memory reads or writes outside the intended buffer boundaries (CWE-119).

This flaw can cause segmentation faults or crashes when retrieving and using the result of asynchronous function calls, due to use-after-free or thread-unsafe handling of boxed values.

The vulnerability requires local access to exploit and is considered easy to exploit, with a proof-of-concept exploit publicly available.

Impact Analysis

This vulnerability can lead to memory corruption causing segmentation faults and crashes in applications using the affected ChaiScript versions.

Such crashes can impact system availability and stability, potentially disrupting normal operations.

Since the exploit requires local access, an attacker with local privileges could leverage this flaw to cause denial of service or destabilize the affected system.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability manifests as a segmentation fault caused by memory corruption in the function chaiscript::Boxed_Number::get_as when handling asynchronous function return values in ChaiScript. Detection involves reproducing the issue by running a proof-of-concept script that asynchronously executes a function returning an integer after a loop of assignments, then printing the results of the futures.'}, {'type': 'paragraph', 'content': 'To detect the vulnerability on your system, you can build ChaiScript in Release mode with AddressSanitizer (ASan) enabled and run the provided proof-of-concept script. ASan will report invalid memory reads or segmentation faults indicating the presence of the vulnerability.'}, {'type': 'paragraph', 'content': 'No specific network detection commands are applicable since the attack requires local access and is triggered by local asynchronous function calls within ChaiScript.'}, {'type': 'list_item', 'content': 'Build ChaiScript with ASan enabled (e.g., using Clang with -fsanitize=address).'}, {'type': 'list_item', 'content': "Run the proof-of-concept script that asynchronously executes a function returning an integer and prints the future's result."}, {'type': 'list_item', 'content': 'Observe for segmentation faults or ASan reports indicating invalid memory reads in chaiscript::Boxed_Number::get_as.'}] [2, 3]

Mitigation Strategies

Currently, no official mitigations or patches have been provided by the ChaiScript project for this vulnerability.

Immediate steps to mitigate the risk include avoiding the use of asynchronous function calls that return boxed numbers in ChaiScript versions up to 6.1.0, especially in multi-threaded contexts.

Consider replacing the affected ChaiScript component with an alternative scripting engine or version that is not vulnerable.

Monitor the ChaiScript project for any forthcoming patches or updates addressing this issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3382. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart