{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3383", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-28T14:23:19.391Z", "datePublished": "2026-03-01T06:32:08.741Z", "dateUpdated": "2026-03-02T19:33:07.429Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-01T06:32:08.741Z"}, "title": "ChaiScript boxed_number.hpp go divide by zero", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-369", "lang": "en", "description": "Divide By Zero"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "ChaiScript", "versions": [{"version": "6.0", "status": "affected"}, {"version": "6.1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-28T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-28T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-28T15:28:29.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Oneafter (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.348269", "name": "VDB-348269 | ChaiScript boxed_number.hpp go divide by zero", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348269", "name": "VDB-348269 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.761302", "name": "Submit #761302 | ChaiScript develop branch Divide By Zero", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ChaiScript/ChaiScript/issues/634", "tags": ["issue-tracking"]}, {"url": "https://github.com/ChaiScript/ChaiScript/issues/634#issue-3828234470", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/ChaiScript/ChaiScript/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-02T19:32:48.260489Z", "id": "CVE-2026-3383", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T19:33:07.429Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3383", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-02T19:32:48.260489Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-02T19:33:00.727Z"}}], "cna": {"title": "ChaiScript boxed_number.hpp go divide by zero", "credits": [{"lang": "en", "type": "reporter", "value": "Oneafter (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "product": "ChaiScript", "versions": [{"status": "affected", "version": "6.0"}, {"status": "affected", "version": "6.1.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-28T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-28T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-28T15:28:29.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.348269", "name": "VDB-348269 | ChaiScript boxed_number.hpp go divide by zero", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348269", "name": "VDB-348269 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.761302", "name": "Submit #761302 | ChaiScript develop branch Divide By Zero", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ChaiScript/ChaiScript/issues/634", "tags": ["issue-tracking"]}, {"url": "https://github.com/ChaiScript/ChaiScript/issues/634#issue-3828234470", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/ChaiScript/ChaiScript/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-369", "description": "Divide By Zero"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-01T06:32:08.741Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3383", "state": "PUBLISHED", "dateUpdated": "2026-03-02T19:33:07.429Z", "dateReserved": "2026-02-28T14:23:19.391Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-01T06:32:08.741Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chaiscript:chaiscript:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C9648DA-18A7-412B-AEE5-903C40744AD3", "versionEndIncluding": "6.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation can lead to divide by zero. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet."}, {"lang": "es", "value": "Se ha identificado una debilidad en ChaiScript hasta 6.1.0, la cual afecta a la funci\u00f3n chaiscript::Boxed_Number::go del archivo include/chaiscript/dispatchkit/boxed_number.hpp. Su manipulaci\u00f3n puede llevar a una divisi\u00f3n entre cero. El ataque requiere acceso local. El exploit se ha hecho p\u00fablico y podr\u00eda ser utilizado para ataques. Se inform\u00f3 con antelaci\u00f3n del problema al proyecto, a trav\u00e9s de un informe de incidencias, pero a\u00fan no ha respondido."}], "id": "CVE-2026-3383", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-01T07:15:59.947", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/ChaiScript/ChaiScript/"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/ChaiScript/ChaiScript/issues/634"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/ChaiScript/ChaiScript/issues/634#issue-3828234470"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.348269"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.348269"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.761302"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}, {"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.1.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "ChaiScript", "source": "cna", "vendor": "n/a"}, "product": "chaiscript", "vendor": "chaiscript"}], "analysis": {"en": {"generated_at": "2026-04-16T15:00:33.932185+00:00", "value": {"mitigation_remediation": ["Upgrade ChaiScript to a version newer than 6.1.0 once it becomes available. ", "If an upgrade is not immediately possible, restrict or monitor any code paths that invoke chaiscript::Boxed_Number::go to prevent division by zero. ", "Patch the source by adding validation to the divisor before performing the division operation. "], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "ChaiScript versions up to and including 6.1.0 are affected. The vulnerability is tied to the chaiscript::Boxed_Number::go implementation in the boxed_number.hpp file.", "description_and_impact": "A vulnerability exists in the Boxed_Number::go function of ChaiScript that can cause a divide-by-zero error when executing certain manipulations. This flaw aligns with CWE-369, leading to application crashes or unstable operation. The resulting denial of service can disrupt script execution and overall application availability.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity. The EPSS score of less than 1% suggests a very low likelihood of widespread exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access, and a public exploit exists. The overall risk is moderate, primarily impacting local users who have the ability to run untrusted ChaiScript code."}}}}, "created": "2026-03-02T12:04:10.465419+00:00", "updated": "2026-04-16T15:15:39.032918+00:00", "vendors": ["chaiscript", "chaiscript$PRODUCT$chaiscript"]}