ChaiScript, up to 6.1.0, Exposes Data After It's Been Freed

Summary

A security flaw in ChaiScript, a JavaScript-like scripting language, can allow an attacker with local access to access data that has already been deleted. This could lead to unpredictable behavior or crashes. We recommend updating to the latest version of ChaiScript, which should fix this issue, as soon as possible.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
chaiscript	chaiscript	<= 6.1.0	–

Original title

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use a...

Original description

A flaw has been found in ChaiScript up to 6.1.0. This affects the function chaiscript::Type_Info::bare_equal of the file include/chaiscript/dispatchkit/type_info.hpp. This manipulation causes use after free. The attack requires local access. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

nvd CVSS2.0 1.0

nvd CVSS3.1 2.5

nvd CVSS4.0 2.0

Vulnerability type

CWE-119 Buffer Overflow

CWE-416 Use After Free

https://github.com/ChaiScript/ChaiScript/ Product
https://github.com/ChaiScript/ChaiScript/issues/636 Exploit Vendor Advisory Issue Tracking
https://github.com/ChaiScript/ChaiScript/issues/636#issue-3828333582 Exploit Vendor Advisory Issue Tracking
https://vuldb.com/?ctiid.346454 Third Party Advisory VDB Entry
https://vuldb.com/?id.346454 Third Party Advisory VDB Entry
https://vuldb.com/?submit.752790 Third Party Advisory VDB Entry