Description
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.
Published: 2026-04-16
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

Creolabs Gravity before 0.9.6 contains a heap buffer overflow in the gravity_vm_exec function that lets an attacker create scripts with an abundance of global string literals to trigger insufficient bounds checking in gravity_fiber_reassign(). This out‑of‑bounds write corrupts heap metadata and can be leveraged to run arbitrary code wherever the Gravity VM evaluates untrusted scripts, directly compromising confidentiality, integrity, and availability of the affected application.

Affected Systems

The vulnerability affects instances of Creolabs Gravity packaged under the marcobambini:gravity identifier. All releases prior to version 0.9.6 are vulnerable; versions 0.9.6 and later contain the necessary patch.

Risk and Exploitability

With a CVSS score of 9.3 the flaw is rated critical. No EPSS score is available, and the issue is not listed in the CISA KEV catalog, so on‑demand exploitation is not widely known. However, the attack vector is clear: an attacker who can supply a Gravity script containing many string literals at the global scope can trigger the overflow and achieve arbitrary code execution. The required conditions are typical of any application that allows customers to run arbitrary scripts through the Gravity engine.

Generated by OpenCVE AI on April 16, 2026 at 02:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to gravity version 0.9.6 or later, which includes the heap overflow fix.
  • If an upgrade cannot be performed immediately, disable or tightly restrict the execution of untrusted scripts within applications that embed Gravity.
  • Monitor application logs for signs of memory corruption or abnormal execution patterns that might indicate exploitation attempts.

Generated by OpenCVE AI on April 16, 2026 at 02:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Marcobambini
Marcobambini gravity
Vendors & Products Marcobambini
Marcobambini gravity

Thu, 16 Apr 2026 01:45:00 +0000

Type Values Removed Values Added
Description Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.
Title Creolabs Gravity < 0.9.6 Heap Buffer Overflow via gravity_vm_exec
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Marcobambini Gravity
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-16T13:45:35.255Z

Reserved: 2026-04-13T20:29:02.808Z

Link: CVE-2026-40504

cve-icon Vulnrichment

Updated: 2026-04-16T13:45:05.634Z

cve-icon NVD

Status : Received

Published: 2026-04-16T02:16:11.693

Modified: 2026-04-16T02:16:11.693

Link: CVE-2026-40504

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T09:12:05Z

Weaknesses