Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-3386

3.3 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

wren-lang wren wren_compiler.c emitOp out-of-bounds

A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-348272 | wren-lang wren wren_compiler.c emitOp out-of-bounds vdb-entrytechnical-description
VDB-348272 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #761306 | wren-lang wren main-branch Buffer Overflow third-party-advisory
https://github.com/wren-lang/wren/issues/1219 issue-tracking
https://github.com/oneafter/0122/blob/main/i1219/repro exploit
https://github.com/wren-lang/wren/ product

Affected products

wren

==0.2
==0.3
==0.4.0
==0.1

Matching in nixpkgs

pkgs.fairywren

FairyWren Icon Set

nixos-unstable 0-unstable-2026-02-15
- nixpkgs-unstable 0-unstable-2026-02-15
- nixos-unstable-small 0-unstable-2026-02-15
nixos-25.11 0-unstable-2024-06-10
- nixos-25.11-small 0-unstable-2024-06-10
- nixpkgs-25.11-darwin 0-unstable-2024-06-10

pkgs.tree-sitter-grammars.tree-sitter-wren

Tree-sitter grammar for wren

nixos-unstable 0-unstable-2024-01-01
- nixpkgs-unstable 0-unstable-2024-01-01
- nixos-unstable-small 0-unstable-2024-01-01

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-wren

Python bindings for tree-sitter-wren

nixos-unstable 0+unstable20240101
- nixpkgs-unstable 0+unstable20240101
- nixos-unstable-small 0+unstable20240101

pkgs.python314Packages.tree-sitter-grammars.tree-sitter-wren

Python bindings for tree-sitter-wren

nixos-unstable 0+unstable20240101
- nixpkgs-unstable 0+unstable20240101
- nixos-unstable-small 0+unstable20240101

Package maintainers

@D3vil0p3r Antonio Voza <vozaanthony@gmail.com>
@stepbrobd Yifei Sun <ysun@hey.com>
@adfaure Adrien Faure <adfaure@pm.me>
@mightyiam Shahar "Dawn" Or <mightyiampresence@gmail.com>
@A-jay98 Ali Jamadi <ali@jamadi.me>
@aciceri Andrea Ciceri <andrea.ciceri@autistici.org>