wren-lang wren Error Message wren_compiler.c printError stack-based overflow_CVE-2026-2657

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-2657

Source VulDB

Published Feb 18, 2026 at 16:32

Affected Product

Vendor wren-lang

Product wren

Version 0.1

Affected Versions wren-lang wren 0.1
wren-lang wren 0.2
wren-lang wren 0.3
wren-lang wren 0.4.0

CWE Classification

CWE-121 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-02-18T16:32:07.566Z",
    "modified": "2026-02-18T16:32:07.566Z",
    "type": "cve",
    "title": "wren-lang wren Error Message wren_compiler.c printError stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.346455\nhttps://vuldb.com/?ctiid.346455\nhttps://vuldb.com/?submit.752791\nhttps://github.com/wren-lang/wren/issues/1221\nhttps://github.com/oneafter/0122/blob/main/i1221/repro\nhttps://github.com/wren-lang/wren/",
    "id": "CVE-2026-2657",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "wren-lang wren 0.1\nwren-lang wren 0.2\nwren-lang wren 0.3\nwren-lang wren 0.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "wren",
    "version": "0.1",
    "vendor": "wren-lang",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}