Description
A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-03-01
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A vulnerability exists in the Boxed_Number::go function of ChaiScript that can cause a divide-by-zero error when executing certain manipulations. This flaw aligns with CWE-369, leading to application crashes or unstable operation. The resulting denial of service can disrupt script execution and overall application availability.

Affected Systems

ChaiScript versions up to and including 6.1.0 are affected. The vulnerability is tied to the chaiscript::Boxed_Number::go implementation in the boxed_number.hpp file.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity. The EPSS score of less than 1% suggests a very low likelihood of widespread exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access, and a public exploit exists. The overall risk is moderate, primarily impacting local users who have the ability to run untrusted ChaiScript code.

Generated by OpenCVE AI on April 16, 2026 at 15:00 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade ChaiScript to a version newer than 6.1.0 once it becomes available.
  • If an upgrade is not immediately possible, restrict or monitor any code paths that invoke chaiscript::Boxed_Number::go to prevent division by zero.
  • Patch the source by adding validation to the divisor before performing the division operation.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| CPEs | | `cpe:2.3:a:chaiscript:chaiscript:*:*:*:*:*:*:*:*` |

Mon, 02 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Mon, 02 Mar 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Chaiscript; Chaiscript chaiscript |
| Vendors & Products | | Chaiscript; Chaiscript chaiscript |

Sun, 01 Mar 2026 07:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. |
| Title | | ChaiScript boxed_number.hpp go divide by zero |
| Weaknesses | | CWE-369, CWE-404 |
| References | | |
| Metrics | | cvssV2_0: `{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` |
| | | cvssV3_0: `{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` |
| | | cvssV3_1: `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` |
| | | cvssV4_0: `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}` |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-02T19:33:07.429Z

Reserved: 2026-02-28T14:23:19.391Z

Link: CVE-2026-3383

Vulnrichment

Updated: 2026-03-02T19:33:00.727Z

NVD

Status: Analyzed

Published: 2026-03-01T07:15:59.947

Modified: 2026-03-05T22:30:05.817

Link: CVE-2026-3383

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T15:15:39Z

Weaknesses