CVE-2026-3383
Received Received - Intake
Divide-by-Zero Vulnerability in ChaiScript Boxed_Number Function

Publication date: 2026-03-01

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-01
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3383
EUVD
EUVD-2026-9118
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
chaiscript chaiscript to 6.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-369 The product divides a value by zero.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-3383 is a vulnerability in ChaiScript versions up to 6.1.0 affecting the function chaiscript::Boxed_Number::go in the file include/chaiscript/dispatchkit/boxed_number.hpp.

The issue arises from improper handling of arithmetic operations where a modulo or division by zero can occur without validation, leading to a divide-by-zero error (CWE-369).

Specifically, when a script performs a modulo operation with zero as the divisor, the software triggers a floating point exception (SIGFPE) causing the process to crash.

Exploitation requires local access and a proof-of-concept exploit is publicly available, demonstrating how the vulnerability can be triggered by running a loop that performs modulo operations with zero.

Impact Analysis

This vulnerability impacts the availability of the affected software by causing it to crash due to an unhandled divide-by-zero error.

An attacker with local access can exploit this flaw to trigger a floating point exception, resulting in a denial of service by crashing the ChaiScript process.

Since the vulnerability requires local access, remote exploitation is not possible, but it can still disrupt operations on systems where ChaiScript is used.

No patches or mitigations are currently available, so affected users are advised to consider alternative products to avoid this risk.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by running a proof-of-concept script that triggers the divide-by-zero error in ChaiScript. Specifically, executing a script that performs a modulo operation with zero as the divisor will cause a floating point exception (SIGFPE) and crash the process.

An example test involves running a loop from i = 0 to i < 50000 and performing the operation ret %= i;. When i is zero, this triggers the vulnerability.

On Linux x86_64 systems, monitoring for SIGFPE signals or process crashes related to ChaiScript can help detect exploitation attempts.

No specific network detection commands are applicable since the attack requires local access and is triggered by script execution.

Mitigation Strategies

Currently, there are no known patches or countermeasures available for this vulnerability.

Since the vulnerability requires local access and is triggered by specific script operations, immediate mitigation steps include restricting local access to the affected ChaiScript environment and avoiding running untrusted or malicious scripts that perform modulo operations.

Consider using alternative products or versions of ChaiScript that are not affected by this vulnerability until an official fix is released.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3383. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart