CVE-2026-3387
Null Pointer Dereference in wren-lang getByteCountForArguments Function
Publication date: 2026-03-01
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wren | wren | up to 0.4.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3387 is a NULL pointer dereference vulnerability in the Wren programming language compiler, specifically in the function getByteCountForArguments within the source file src/vm/wren_compiler.c.
This vulnerability occurs during the compilation of for loops, especially nested loops or loops inside class methods. The compiler attempts to generate bytecode for the iterator protocol, and due to corrupted internal compiler state, such as malformed class definitions or deeply nested structures, a critical pointer becomes NULL.
When the function tries to access a struct member at an offset from this NULL pointer, it causes a segmentation fault (crash) due to the NULL pointer dereference.
Exploitation requires local access and involves compiling specially crafted Wren scripts that trigger this faulty code path, leading to a crash and potential denial of service.
How can this vulnerability impact me?
This vulnerability can cause the Wren compiler to crash due to a NULL pointer dereference when compiling certain maliciously crafted scripts.
The impact is primarily a denial of service, as the compiler becomes unstable or terminates unexpectedly during compilation.
Since local access is required to exploit this issue, remote exploitation is not possible, limiting the scope of impact.
There is no impact on confidentiality or integrity, but availability of the compiler is affected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as a segmentation fault (NULL pointer dereference) in the Wren compiler when compiling specially crafted Wren scripts containing for loops, especially nested loops or loops inside class methods.
Detection involves attempting to compile suspicious or malformed Wren scripts that might trigger the vulnerability. If the compiler crashes with a segmentation fault during compilation, it indicates the presence of the vulnerability.
A minimal reproduction can be done by running the provided harness program that reads a Wren script and interprets it using the Wren VM. Using a crafted input script that triggers the NULL pointer dereference will cause a crash.
Suggested commands include running the Wren compiler or interpreter on suspicious scripts and monitoring for crashes or segmentation faults. For example, run the harness program with a crafted input file, as shown in the public proof-of-concept.
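One way to automate that check, as an added example that is not from the advisory, the Wren project or the public proof-of-concept: run each script in a child process and flag any run that is killed by SIGSEGV rather than exiting with an ordinary error. The interpreter path `./wren_cli`, the helper names and the stand-in interpreter used for the offline demo are assumptions.

```python
# Triage Wren scripts by how the interpreter exits (POSIX). Added example, not project code.
import signal
import subprocess
import sys
import tempfile
from pathlib import Path

def classify(returncode):
    """Map a child's return code to a verdict; a negative code means killed by a signal."""
    if returncode == 0:
        return "ok"
    if returncode < 0:
        return "crash:" + signal.Signals(-returncode).name
    return "error:%d" % returncode  # ordinary compile/runtime error, not a crash

def triage(interpreter, scripts, timeout=10):
    """Run `interpreter <script>` for each script and return {script name: verdict}."""
    results = {}
    for script in scripts:
        try:
            proc = subprocess.run([*interpreter, str(script)], stdin=subprocess.DEVNULL,
                                  stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                                  timeout=timeout)
            results[Path(script).name] = classify(proc.returncode)
        except subprocess.TimeoutExpired:
            results[Path(script).name] = "timeout"
    return results

# Constructed stand-in for the real binary so the example runs offline: it dies
# with SIGSEGV when the file contains "SEGV", exits 65 when it contains "BAD", else 0.
STUB = [sys.executable, "-c",
        "import os,signal,sys; s=open(sys.argv[1]).read();"
        "'SEGV' in s and os.kill(os.getpid(), signal.SIGSEGV);"
        "sys.exit(65 if 'BAD' in s else 0)"]

def demo():
    """Triage three constructed files with the stand-in interpreter."""
    with tempfile.TemporaryDirectory() as d:
        files = {"good.wren": 'System.print("hi")', "bad.wren": "BAD", "crash.wren": "SEGV"}
        for name, body in files.items():
            Path(d, name).write_text(body)
        return triage(STUB, sorted(Path(d).glob("*.wren")))

if __name__ == "__main__":
    # Real use (binary path is an assumption): python triage.py ./wren_cli a.wren b.wren
    print(triage(sys.argv[1:2], sys.argv[2:]) if len(sys.argv) > 2 else demo())
```

A `crash:SIGSEGV` verdict marks a script for closer inspection; an `error:` verdict is a normal rejection by the compiler.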
What immediate steps should I take to mitigate this vulnerability?
Currently, no official patches or countermeasures are available from the Wren project, which has not responded to the issue report.
Immediate mitigation steps include avoiding vulnerable versions of the Wren language compiler (up to version 0.4.0), especially in environments where untrusted or malformed scripts might be compiled.
Consider using alternative products or language versions that are not affected by this vulnerability.
Restrict local access to systems running the Wren compiler to trusted users only, since local access is required to exploit this vulnerability.