Description
Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C.

This issue affects WickedEngine: before 0.71.705.
Published: 2026-01-27
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Out-of-bounds Read
Action: Update Engine
AI Analysis

Impact

Based on the description, the vulnerability is an out-of-bounds read triggered by the ldebug.C module in WickedEngine. It is inferred that the vulnerability does not allow code execution or denial of service; the impact is limited to the potential exposure of private data from memory. The weakness is classified as CWE-125 (out-of-bounds read), which may lead to leakage of sensitive information in systems that process untrusted input. The CVSS score of 5.1 indicates a moderate security impact with potential confidentiality concerns for applications running the vulnerable engine.

Affected Systems

WickedEngine from vendor turanszkij is affected when the installed version is earlier than 0.71.705. The issue surfaces in the engine’s LUA modules, specifically when loading or executing the ldebug.C file. Versions v0.71.704 and below are vulnerable; upgrading to v0.71.705 or later removes the flaw.

Risk and Exploitability

Based on the description, the likely attack vector is local or application-level access to the engine, which an attacker would need in order to trigger the read; remote exploitation is unlikely without additional vulnerabilities. The CVSS base score of 5.1 reflects moderate severity, while the EPSS score of less than 1% shows a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting no confirmed active exploitation. The risk is primarily data exposure rather than privilege escalation or disruption.

Generated by OpenCVE AI on April 18, 2026 at 18:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WickedEngine to 0.71.705 or newer to remove the flaw.
  • If the ldebug.C module is not required, disable or delete it to reduce attack surface.
  • Monitor logs for abnormal memory reads that may indicate attempted exploitation.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Turanszkij; Turanszkij wickedengine |
| Vendors & Products | | Turanszkij; Turanszkij wickedengine |

Tue, 27 Jan 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Tue, 27 Jan 2026 09:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705. |
| Title | | A stack overflow vulnerability in turanszkij/WickedEngine |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Amber'} |

MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T17:00:59.226Z

Reserved: 2026-01-27T08:48:56.893Z

Link: CVE-2026-24820

Vulnrichment

Updated: 2026-01-27T17:00:55.539Z

NVD

Status: Deferred

Published: 2026-01-27T09:15:52.663

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24820

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T19:00:08Z

Weaknesses