Description
Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius: before Release refs/pull/358/merge.
Published: 2026-01-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution or program crash through a memory corruption flaw
Action: Patch immediately
AI Analysis

Impact

The vulnerability is an out-of-bounds write that corrupts memory within the Commander‑Genius application. If successfully triggered, an attacker could overwrite adjacent memory, potentially leading to arbitrary code execution or a forced crash, which compromises the integrity of the system running the game.

Affected Systems

Users running Commander‑Genius from gerstrong who have not upgraded beyond the snapshot preceding Release refs/pull/358/merge are affected. The exact version numbers are not listed, but any build compiled before that merge is vulnerable.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity, while the EPSS score is below 1%, suggesting a very low exploitation probability at this time. The vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is local, requiring the user to provide input that causes the out-of-bounds write during normal gameplay or data processing. No direct exploitation technique is disclosed, but an attacker with sufficient privileges or control over the game’s input could potentially exploit it to run arbitrary code.

Generated by OpenCVE AI on April 18, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Commander‑Genius to a version that incorporates the fix from pull/379 or any later release from gerstrong.
  • If you build the game from source, recompile the project after fetching the latest code to ensure the patch is included.
  • Run the game under a non‑privileged user account to limit potential damage if the flaw is exploited.

Generated by OpenCVE AI on April 18, 2026 at 14:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Gerstrong
Gerstrong commander-genius
Vendors & Products Gerstrong
Gerstrong commander-genius

Tue, 27 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:30:00 +0000

Type Values Removed Values Added
Description Out-of-bounds Write vulnerability in gerstrong Commander-Genius.This issue affects Commander-Genius: before Release refs/pull/358/merge.
Title Out-of-bounds write in Commander-Genius
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Gerstrong Commander-genius
cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T15:03:10.130Z

Reserved: 2026-01-27T08:59:05.366Z

Link: CVE-2026-24827

cve-icon Vulnrichment

Updated: 2026-01-27T14:58:32.689Z

cve-icon NVD

Status : Deferred

Published: 2026-01-27T10:15:49.650

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24827

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses