Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-3385

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

wren-lang wren wren_compiler.c resolveLocal recursion

A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-348271 | wren-lang wren wren_compiler.c resolveLocal recursion vdb-entrytechnical-description
VDB-348271 | CTI Indicators (IOB, IOC, IOA) permissions-requiredsignature
Submit #761305 | wren-lang wren main-branch Heap-based Buffer Overflow third-party-advisory
https://github.com/wren-lang/wren/issues/1218 issue-tracking
https://github.com/oneafter/0122/blob/main/i1218/repro exploit
https://github.com/wren-lang/wren/ product

Affected products

wren

==0.1
==0.3
==0.4.0
==0.2

Matching in nixpkgs

pkgs.fairywren

FairyWren Icon Set

nixos-unstable 0-unstable-2026-02-15
- nixpkgs-unstable 0-unstable-2026-02-15
- nixos-unstable-small 0-unstable-2026-02-15
nixos-25.11 0-unstable-2024-06-10
- nixos-25.11-small 0-unstable-2024-06-10
- nixpkgs-25.11-darwin 0-unstable-2024-06-10

pkgs.tree-sitter-grammars.tree-sitter-wren

Tree-sitter grammar for wren

nixos-unstable 0-unstable-2024-01-01
- nixpkgs-unstable 0-unstable-2024-01-01
- nixos-unstable-small 0-unstable-2024-01-01

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-wren

Python bindings for tree-sitter-wren

nixos-unstable 0+unstable20240101
- nixpkgs-unstable 0+unstable20240101
- nixos-unstable-small 0+unstable20240101

pkgs.python314Packages.tree-sitter-grammars.tree-sitter-wren

Python bindings for tree-sitter-wren

nixos-unstable 0+unstable20240101
- nixpkgs-unstable 0+unstable20240101
- nixos-unstable-small 0+unstable20240101

Package maintainers

@D3vil0p3r Antonio Voza <vozaanthony@gmail.com>
@stepbrobd Yifei Sun <ysun@hey.com>
@adfaure Adrien Faure <adfaure@pm.me>
@mightyiam Shahar "Dawn" Or <mightyiampresence@gmail.com>
@A-jay98 Ali Jamadi <ali@jamadi.me>
@aciceri Andrea Ciceri <andrea.ciceri@autistici.org>