PT-2026-22507 · Wren · Wren
Oneafter
·
Published
2026-03-01
·
Updated
2026-03-10
·
CVE-2026-3385
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
wren-lang wren versions up to 0.4.0
Description
A flaw exists in the
resolveLocal function within the src/vm/wren compiler.c file. This issue leads to uncontrolled recursion. Local access is required for exploitation. The details of the issue have been publicly disclosed.Recommendations
Versions prior to 0.4.0 should be updated. As a temporary workaround, consider restricting the use of the
resolveLocal function until a patch is available.Exploit
Fix
Uncontrolled Recursion
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wren