{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24817", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:48:56.893Z", "datePublished": "2026-01-27T08:53:44.618Z", "dateUpdated": "2026-01-27T20:36:51.915Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/praydog/UEVR", "defaultStatus": "unaffected", "modules": ["dependencies/lua/src"], "product": "UEVR", "programFiles": ["ldebug.c", "lvm.c"], "vendor": "praydog", "versions": [{"lessThan": "1.05", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules).<p> This vulnerability is associated with program files <tt>ldebug.C</tt>, <tt>lvm.C</tt>.</p><p>This issue affects UEVR: before 1.05.</p>"}], "value": "Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.\n\nThis issue affects UEVR: before 1.05."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:53:44.618Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/praydog/UEVR/pull/336"}], "source": {"discovery": "UNKNOWN"}, "title": "A potential heap-buffer overflow in praydog/UEVR", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T20:36:42.775716Z", "id": "CVE-2026-24817", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:36:51.915Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24817", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T20:36:42.775716Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T20:36:48.425Z"}}], "cna": {"title": "A potential heap-buffer overflow in praydog/UEVR", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 8.7, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "praydog", "modules": ["dependencies/lua/src"], "product": "UEVR", "versions": [{"status": "affected", "version": "0", "lessThan": "1.05", "versionType": "git"}], "programFiles": ["ldebug.c", "lvm.c"], "collectionURL": "https://github.com/praydog/UEVR", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/praydog/UEVR/pull/336", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.\n\nThis issue affects UEVR: before 1.05.", "supportingMedia": [{"type": "text/html", "value": "Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules).<p> This vulnerability is associated with program files <tt>ldebug.C</tt>, <tt>lvm.C</tt>.</p><p>This issue affects UEVR: before 1.05.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:53:44.618Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24817", "state": "PUBLISHED", "dateUpdated": "2026-01-27T20:36:51.915Z", "dateReserved": "2026-01-27T08:48:56.893Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:53:44.618Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C.\n\nThis issue affects UEVR: before 1.05."}, {"lang": "es", "value": "Vulnerabilidad de escritura fuera de l\u00edmites en praydog UEVR (m\u00f3dulos dependencies/lua/src). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa ldebug.C, lvm.C.\n\nEste problema afecta a UEVR: anterior a 1.05."}], "id": "CVE-2026-24817", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:52.247", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/praydog/UEVR/pull/336"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:53:46.070447+00:00", "value": {"mitigation_remediation": ["Upgrade UEVR to version 1.05 or later, which removes the vulnerable Lua modules.", "If an upgrade cannot be performed immediately, disable or restrict Lua script execution in UEVR to prevent the vulnerable code paths from being reached.", "Monitor UEVR logs for unexpected crashes or abnormal memory access patterns and treat such events as potential exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Heap Buffer Overflow"}, "threat_synthesis": {"affected_systems": "The flaw exists in all releases of praydog UEVR before version 1.05; any installation of those releases is at risk.", "description_and_impact": "An out\u2011of\u2011bounds write occurs in the Lua modules ldebug.c and lvm.c of praydog UEVR, allowing an attacker to overwrite memory beyond the intended buffer. This flaw can potentially lead to arbitrary code execution or a denial of service.", "risk_and_exploitability": "Based on the description, it is inferred that an attacker would need the ability to supply malicious Lua input or execute a compromised script to trigger the vulnerable code. The CVSS score of 8.7 indicates high severity, while the EPSS score of less than 1% suggests a low probability of widespread active exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, implying it has not yet been observed in the wild."}}}}, "created": "2026-01-27T20:17:03.890897+00:00", "updated": "2026-04-18T15:00:03.446743+00:00", "vendors": ["praydog", "praydog$PRODUCT$uevr"]}