Impact
A stack-based buffer overflow occurs during identifier mangling in the Zen C compiler when struct, function, or trait names exceed the expected lengths. The overflow can corrupt the compiler's stack, leading to a crash or, if the memory corruption is exploited, to execution of arbitrary code. The weakness is a classic stack-based buffer overflow. The impact is loss of availability through compiler crashes, and a potential compromise of confidentiality, integrity, and availability if code execution is achieved.
Affected Systems
The affected product is Zen C, a systems programming language that compiles to GNU C/C11, with the CNAs listing zenc-lang as the vendor. Versions prior to 0.4.4 are vulnerable. Users who compile code containing identifiers longer than the normal limits are at risk. The change set in the 0.4.4 release hardens the identifier handling to eliminate the overflow.
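The bug class described above, next to a bounded alternative, as an added C example; it is not Zen C's source or the 0.4.4 change set. The `Type__method` mangling scheme, the function names and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed size for illustration; the advisory does not give the real one. */
#define MANGLE_BUF 64

/* Bug class: sprintf writes as many bytes as the identifiers need, whatever
 * the size of the destination. Safe only when the caller has proved the fit. */
void mangle_unchecked(char *out, const char *type_name, const char *method)
{
    sprintf(out, "%s__%s", type_name, method);
}

/* Bounded form: the size travels with the pointer, and a name that does not
 * fit is rejected instead of overflowing or being silently truncated.
 * Returns the mangled length, or -1 on rejection. */
int mangle_checked(char *out, size_t out_size,
                   const char *type_name, const char *method)
{
    if (out == NULL || out_size == 0 || type_name == NULL || method == NULL)
        return -1;
    int n = snprintf(out, out_size, "%s__%s", type_name, method);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';   /* leave no partial name for later stages */
        return -1;
    }
    return n;
}

int main(void)
{
    char buf[MANGLE_BUF];
    char long_name[200];                 /* constructed oversized identifier */
    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    mangle_unchecked(buf, "Vec", "push");   /* short input: fits */
    printf("unchecked: %s\n", buf);
    if (mangle_checked(buf, sizeof buf, long_name, "push") < 0)
        fprintf(stderr, "error: identifier too long to mangle\n");
    return 0;
}
```

Rejecting the oversized name turns the failure into an ordinary compiler diagnostic; silent truncation would avoid the overflow but could make two distinct identifiers mangle to the same symbol.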
Risk and Exploitability
The CVSS score of 7.8 denotes high severity. The EPSS score below 1% and absence from the KEV catalog suggest a low likelihood of current exploitation. The likely attack vector, inferred from the description, is a locally sourced malicious source file submitted to the compiler; an attacker must have compiler access to supply the crafted identifiers. Because the vulnerability is in the compile phase, privilege escalation depends on the compiler's runtime privileges. The absence of a publicly documented exploit reduces immediate risk, but remediation is advised due to the severity and potential impact if exploited.