CVE-2026-3387
Null Pointer Dereference in wren-lang getByteCountForArguments Function

Publication date: 2026-03-01

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in wren-lang wren up to and including 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Manipulation of the script being compiled leads to a null pointer dereference. Local access is required to carry out this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-03-01
EPSS evaluated: 2026-06-15
Affected Vendors & Products
1 associated CPE: vendor wren, product wren, version range up to and including 0.4.0
CWE
CWE-476: The product dereferences a pointer that it expects to be valid but is NULL.
CWE-404: The product does not release or incorrectly releases a resource before it is made available for re-use.
Executive Summary

CVE-2026-3387 is a NULL pointer dereference (CWE-476) in the compiler of the Wren programming language, specifically in the function getByteCountForArguments in the source file src/vm/wren_compiler.c.

The fault is reached while compiling for loops, in particular nested loops or loops inside class methods. While the compiler emits bytecode for the iterator protocol, corrupted internal compiler state (for example a malformed class definition or a deeply nested structure) leaves a pointer that the function expects to be valid set to NULL.

When the function reads a struct member at an offset from that NULL pointer, the process faults with a segmentation fault (SIGSEGV).

Exploitation requires the ability to submit a specially crafted Wren script to the compiler; reaching the faulty code path crashes the compiling process, a denial of service.

Impact Analysis

Compiling certain maliciously crafted scripts crashes the Wren compiler through a NULL pointer dereference.

The impact is denial of service: the process performing the compilation terminates unexpectedly.

VulDB rates the attack vector as local, meaning the attacker must be able to hand a script to the compiler. Read that carefully before discounting the issue: Wren is an embeddable scripting language, so a host application that compiles scripts from untrusted sources (plugins, user uploads, network-supplied code) exposes this crash to whoever supplies those scripts, and the whole host process dies together with the compiler.

Confidentiality and integrity are not affected; availability of the compiler, and of any process that embeds it, is.


Detection Guidance

The vulnerability manifests as a segmentation fault (NULL pointer dereference) in the Wren compiler when it compiles specially crafted Wren scripts containing for loops, especially nested loops or loops inside class methods. Because the fault is in the compiler, it occurs before any script code executes.

Detection is crash-based: compile suspicious or malformed Wren scripts in a disposable process and watch for a SIGSEGV during compilation. A bare segfault only shows that the compiler faulted somewhere; to attribute it to this bug, build Wren with AddressSanitizer (-fsanitize=address -g) and check that the reported stack trace passes through getByteCountForArguments in src/vm/wren_compiler.c.

A minimal reproduction runs the harness program from the public proof-of-concept, which reads a Wren script and interprets it with the Wren VM, on the crafted input script; the crafted script crashes the harness.

In short: run the Wren interpreter or the harness on the suspect script out of process, under a timeout, and treat a fatal signal as a hit, as done with the crafted input file in the public proof-of-concept.
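The out-of-process check described above, as an added example that is not part of this advisory or of the Wren project: a POSIX sh wrapper that runs each script in a child process under a timeout and classifies the exit status, so a compiler crash is reported as a fatal signal instead of taking down the caller. It assumes WREN_BIN names the Wren CLI or the proof-of-concept harness (the default name `wren` is an assumption), that the interpreter exits non-zero without a signal on ordinary compile or runtime errors, and that coreutils `timeout` is installed (it exits 124 on a hang and re-raises the child's fatal signal).

```shell
#!/bin/sh
# Added example (not from the advisory or the Wren project): out-of-process
# crash triage for Wren scripts. WREN_BIN is assumed to be the Wren CLI or the
# PoC harness built from the affected tree; "wren" is a hypothetical default.
WREN_BIN="${WREN_BIN:-wren}"

# classify_exit STATUS: map a shell exit status to a triage label.
# A child killed by a signal reports 128+signal, so the NULL dereference in the
# compiler shows up as 139 (SIGSEGV). An AddressSanitizer build exits 1 by
# default; run it with ASAN_OPTIONS=abort_on_error=1 so it dies with SIGABRT
# (134) and is counted as a crash here rather than as a script error.
classify_exit() {
  status="$1"
  if [ "$status" -eq 0 ]; then
    echo ok
  elif [ "$status" -eq 124 ]; then
    echo timeout              # coreutils timeout convention
  elif [ "$status" -ge 128 ]; then
    sig=$((status - 128))
    case "$sig" in
      11) echo crash:SIGSEGV ;;
      6)  echo crash:SIGABRT ;;
      7)  echo crash:SIGBUS ;;
      *)  echo "crash:SIG$sig" ;;
    esac
  else
    # Non-zero without a signal: assumed to be a compile or runtime error
    # reported by the interpreter itself, the benign outcome for bad input.
    echo "error:$status"
  fi
}

# run_script FILE: compile/run FILE in a disposable child so a compiler crash
# cannot take down the caller; print "<label> <file>".
run_script() {
  f="$1"
  timeout 10 "$WREN_BIN" "$f" >/dev/null 2>&1
  rc=$?
  echo "$(classify_exit "$rc") $f"
}

# triage_dir DIR: run every .wren file under DIR, print one line per script
# and a crash count; return non-zero if any script crashed the interpreter.
triage_dir() {
  crashes=0
  for f in "$1"/*.wren; do
    [ -e "$f" ] || continue
    line=$(run_script "$f")
    echo "$line"
    case "$line" in crash:*) crashes=$((crashes + 1)) ;; esac
  done
  echo "crashes: $crashes"
  [ "$crashes" -eq 0 ]
}

# Usage: WREN_BIN=./wren sh triage.sh corpus/
if [ $# -gt 0 ]; then
  triage_dir "$1"
fi
```

A plain SIGSEGV tells you only that the compiler faulted; to confirm it is this bug, build the tree with -fsanitize=address -g, run the wrapper with ASAN_OPTIONS=abort_on_error=1, and check that the sanitizer's stack trace names getByteCountForArguments in src/vm/wren_compiler.c.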

Mitigation Strategies

At the time of this entry no official patch or workaround has been published by the Wren project, which has not responded to the issue report; no fixed version is listed.

Do not compile untrusted or malformed scripts with an affected version of Wren (up to and including 0.4.0), particularly in host applications that accept scripts from users or from the network.

If untrusted scripts must be compiled, isolate the compilation: run it in a separate process or sandbox under a timeout, so that a compiler crash is contained and cannot bring down the host application. Move to a build of Wren that is not affected once one is available.

Restrict the ability to submit scripts to the Wren compiler to trusted users, since supplying a crafted script is the attack vector.
