Description
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.
Published: 2026-01-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption
Action: Patch Now
AI Analysis

Impact

Is‑Daouda's is‑Engine contains an out‑of‑bounds write that causes a heap‑based buffer overflow. The flaw can corrupt memory beyond the intended buffer size, potentially leading to a crash or other unintended behavior. The vulnerability is classified as a memory corruption issue (CWE‑122, CWE‑787).

Affected Systems

All instances of Is‑Daouda is‑Engine older than version 3.3.4 are affected. The product is listed as is‑Engine and the vulnerability applies to every release before 3.3.4. No other affected products or versions are documented in the available data.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score of less than 1% suggests a low probability of exploitation, and the vulnerability is not recorded in CISA's KEV catalog. The description implies that the overflow can be triggered by supplied input, so the likely attack vector is remote. However, the specific exposure (network vs local) is not detailed in the advisory, so environments should verify whether is‑Engine processes external data. Exploitation would require crafting input that overflows the heap buffer; no authentication or privilege escalation is described, which limits the impact to the privileges of the running process.

Generated by OpenCVE AI on April 18, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade is‑Engine to version 3.3.4 or later, which removes the heap‑based buffer overflow.
  • If an immediate upgrade is not possible, restrict external access to the is‑Engine service to trusted IP ranges or internal users only.
  • Enable available memory protection mechanisms—such as stack canaries, address space layout randomization, and bounds checking—to reduce the risk of successful exploitation.

Advisories

No advisories yet.

History

Tue, 27 Jan 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Is-daouda; Is-daouda is-engine
Vendors & Products | | Is-daouda; Is-daouda is-engine

Tue, 27 Jan 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 27 Jan 2026 09:30:00 +0000

Type | Values Removed | Values Added
Description | | Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.
Title | | Out-of-bounds write in is-Engine
Weaknesses | | CWE-122; CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T16:56:21.744Z

Reserved: 2026-01-27T08:59:05.366Z

Link: CVE-2026-24829

Vulnrichment

Updated: 2026-01-27T16:56:14.625Z

NVD

Status: Deferred

Published: 2026-01-27T10:15:49.917

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24829

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z
