Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-3387

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

wren-lang wren wren_compiler.c getByteCountForArguments null pointer dereference

A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-348273 | wren-lang wren wren_compiler.c getByteCountForArguments null pointer dereference vdb-entrytechnical-description
VDB-348273 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #761312 | wren-lang wren main-branch NULL Pointer Dereference third-party-advisory
https://github.com/wren-lang/wren/issues/1220 issue-tracking
https://github.com/oneafter/0122/blob/main/i1220/repro exploit
https://github.com/wren-lang/wren/ product

Affected products

wren

==0.2
==0.3
==0.4.0
==0.1

Matching in nixpkgs

pkgs.fairywren

FairyWren Icon Set

nixos-unstable 0-unstable-2026-02-15
- nixpkgs-unstable 0-unstable-2026-02-15
- nixos-unstable-small 0-unstable-2026-02-15
nixos-25.11 0-unstable-2024-06-10
- nixos-25.11-small 0-unstable-2024-06-10
- nixpkgs-25.11-darwin 0-unstable-2024-06-10

pkgs.tree-sitter-grammars.tree-sitter-wren

Tree-sitter grammar for wren

nixos-unstable 0-unstable-2024-01-01
- nixpkgs-unstable 0-unstable-2024-01-01
- nixos-unstable-small 0-unstable-2024-01-01

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-wren

Python bindings for tree-sitter-wren

nixos-unstable 0+unstable20240101
- nixpkgs-unstable 0+unstable20240101
- nixos-unstable-small 0+unstable20240101

pkgs.python314Packages.tree-sitter-grammars.tree-sitter-wren

Python bindings for tree-sitter-wren

nixos-unstable 0+unstable20240101
- nixpkgs-unstable 0+unstable20240101
- nixos-unstable-small 0+unstable20240101

Package maintainers

@D3vil0p3r Antonio Voza <vozaanthony@gmail.com>
@stepbrobd Yifei Sun <ysun@hey.com>
@adfaure Adrien Faure <adfaure@pm.me>
@mightyiam Shahar "Dawn" Or <mightyiampresence@gmail.com>
@A-jay98 Ali Jamadi <ali@jamadi.me>
@aciceri Andrea Ciceri <andrea.ciceri@autistici.org>