PT-2026-22501 · Unknown · Chaiscript

Oneafter

Published

2026-03-01

Updated

2026-03-05

CVE-2026-3382

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ChaiScript versions up to 6.1.0

Description A security flaw exists in ChaiScript that can lead to memory corruption. The issue is located in the get as function within the chaiscript::Boxed Number class, specifically in the include/chaiscript/dispatchkit/boxed number.hpp file. Exploitation requires local access. The exploit is publicly available. The project was notified of the issue but has not yet responded.

Recommendations Versions prior to 6.1.0 should be updated. As a temporary workaround, consider avoiding the use of the get as function until a patch is available.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

CVE-2026-3382

Affected Products

Chaiscript

PT-2026-22501 · Unknown · Chaiscript

CVE-2026-3382

Weakness Enumeration

Related Identifiers

Affected Products

References · 13