Description
Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.

This issue affects UEVR: before 1.05.
Published: 2026-01-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap Buffer Overflow
Action: Immediate Patch
AI Analysis

Impact

An out‑of‑bounds write occurs in the Lua modules ldebug.c and lvm.c of praydog UEVR, allowing an attacker to overwrite memory beyond the intended buffer. This flaw can potentially lead to arbitrary code execution or a denial of service.

Affected Systems

The flaw exists in all releases of praydog UEVR before version 1.05; any installation of those releases is at risk.

Risk and Exploitability

The description implies that an attacker would need to supply malicious Lua input or get a compromised script executed in order to trigger the vulnerable code. The CVSS score of 8.7 indicates high severity, while the EPSS score of less than 1% suggests a low probability of widespread active exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, implying it has not yet been observed in the wild.

Generated by OpenCVE AI on April 18, 2026 at 14:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade UEVR to version 1.05 or later, which removes the vulnerable Lua modules.
  • If an upgrade cannot be performed immediately, disable or restrict Lua script execution in UEVR to prevent the vulnerable code paths from being reached.
  • Monitor UEVR logs for unexpected crashes or abnormal memory access patterns and treat such events as potential exploitation attempts.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Praydog
Praydog uevr
Vendors & Products Praydog
Praydog uevr

Tue, 27 Jan 2026 09:00:00 +0000

Type Values Removed Values Added
Description Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects UEVR: before 1.05.
Title A potential heap-buffer overflow in praydog/UEVR
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T20:36:51.915Z

Reserved: 2026-01-27T08:48:56.893Z

Link: CVE-2026-24817

Vulnrichment

Updated: 2026-01-27T20:36:48.425Z

NVD

Status: Deferred

Published: 2026-01-27T09:15:52.247

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24817

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z
