CVE-2026-3383
Divide-by-Zero Vulnerability in ChaiScript Boxed_Number Function
Publication date: 2026-03-01
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chaiscript | chaiscript | up to 6.1.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-369 | The product divides a value by zero. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3383 is a vulnerability in ChaiScript versions up to 6.1.0 affecting the function chaiscript::Boxed_Number::go in the file include/chaiscript/dispatchkit/boxed_number.hpp.
The issue arises from improper handling of arithmetic operations where a modulo or division by zero can occur without validation, leading to a divide-by-zero error (CWE-369).
Specifically, when a script performs a modulo operation with zero as the divisor, the software triggers a floating point exception (SIGFPE) causing the process to crash.
Exploitation requires local access and a proof-of-concept exploit is publicly available, demonstrating how the vulnerability can be triggered by running a loop that performs modulo operations with zero.
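The missing validation described above, sketched as an added example that is not ChaiScript's code and not an official fix: integer division and modulo that report an error instead of letting the CPU raise SIGFPE. It goes beyond the zero-divisor case on this page by also covering `INT64_MIN` with a divisor of -1, which traps the same way on x86_64; every name here (`ArithError`, `checked_div`, `checked_mod`, `replay_loop`) is hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>

// Hypothetical names throughout; none of this is ChaiScript's API.
enum class ArithError { None, DivideByZero, Overflow };

struct ArithResult {
    std::int64_t value;
    ArithError error;
};

// Signed integer / and % are undefined in C++ for these operand pairs,
// and on x86_64 both make the idiv instruction raise SIGFPE.
ArithError check_operands(std::int64_t lhs, std::int64_t rhs) {
    if (rhs == 0) return ArithError::DivideByZero;
    if (lhs == std::numeric_limits<std::int64_t>::min() && rhs == -1)
        return ArithError::Overflow;
    return ArithError::None;
}

ArithResult checked_div(std::int64_t lhs, std::int64_t rhs) {
    ArithError e = check_operands(lhs, rhs);
    if (e != ArithError::None) return {0, e};
    return {lhs / rhs, ArithError::None};
}

ArithResult checked_mod(std::int64_t lhs, std::int64_t rhs) {
    ArithError e = check_operands(lhs, rhs);
    if (e == ArithError::DivideByZero) return {0, e};
    // INT64_MIN % -1 is mathematically 0; return it without executing idiv.
    if (e == ArithError::Overflow) return {0, ArithError::None};
    return {lhs % rhs, ArithError::None};
}

// Replays the loop shape the page describes (ret %= i, i from 0 to 49999)
// through the checked operation and counts rejected iterations.
int replay_loop(std::int64_t ret) {
    int rejected = 0;
    for (std::int64_t i = 0; i < 50000; ++i) {
        ArithResult r = checked_mod(ret, i);
        if (r.error != ArithError::None) { ++rejected; continue; }
        ret = r.value;
    }
    return rejected;
}

int main() {
    std::cout << "rejected iterations: " << replay_loop(12345) << "\n";
    return 0;
}
```

In an embedded interpreter the error value would typically be surfaced as a script-level exception, so a bad divisor ends the script rather than the host process.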
How can this vulnerability impact me?
This vulnerability impacts the availability of the affected software by causing it to crash due to an unhandled divide-by-zero error.
An attacker with local access can exploit this flaw to trigger a floating point exception, resulting in a denial of service by crashing the ChaiScript process.
Since the vulnerability requires local access, remote exploitation is not possible, but it can still disrupt operations on systems where ChaiScript is used.
No patches or mitigations are currently available, so affected users are advised to consider alternative products to avoid this risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running a proof-of-concept script that triggers the divide-by-zero error in ChaiScript. Specifically, executing a script that performs a modulo operation with zero as the divisor will cause a floating point exception (SIGFPE) and crash the process.
An example test involves running a loop from i = 0 to i < 50000 and performing the operation ret %= i;. When i is zero, this triggers the vulnerability.
On Linux x86_64 systems, monitoring for SIGFPE signals or process crashes related to ChaiScript can help detect exploitation attempts.
No specific network detection commands are applicable since the attack requires local access and is triggered by script execution.
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no known patches or countermeasures available for this vulnerability.
Since the vulnerability requires local access and is triggered by specific script operations, immediate mitigation steps include restricting local access to the affected ChaiScript environment and avoiding running untrusted or malicious scripts that perform modulo operations.
Consider using alternative products or versions of ChaiScript that are not affected by this vulnerability until an official fix is released.