Listen to this Post
The vulnerability CVE-2026-3385 resides in the `resolveLocal` function within `src/vm/wren_compiler.c` of the wren-lang interpreter, affecting versions up to 0.4.0. The `resolveLocal` function is responsible for resolving local variables in the Wren scripting language during the compilation phase. Due to a lack of proper depth control in its recursive algorithm, providing a specifically crafted script with deeply nested or self-referential local variable declarations causes the function to call itself repeatedly without termination. This uncontrolled recursion quickly exhausts the program’s stack memory, leading to a segmentation fault and a crash of the interpreter, resulting in a denial of service (DoS). The attack is local, requires low privileges, and a public proof-of-concept exploit is available, but the project has not yet responded to the report .
dailycve form:
Platform: wren-lang
Version: up to 0.4.0
Vulnerability : uncontrolled recursion
Severity: MEDIUM (4.8 CVSSv4)
date: 2026-03-01
Prediction: 60 days
What Undercode Say:
Analytics:
Check Wren version:
`wren –version` or check project’s `wren.h`.
Monitor crashes with system logs:
`dmesg | grep wren` or journalctl -xe | grep wren.
Exploit:
Trigger recursion by compiling malicious script.
Proof-of-Concept location:
https://github.com/oneafter/0122/blob/main/i1218/repro`src/vm/wren_compiler.c
<h2 style="color: blue;">Core issue in:</h2>
// Vulnerable logic pattern in resolveLocal
static int resolveLocal(Compiler compiler, int depth) {
// Lacks proper depth limit check
if (depth > MAX_RECURSION) return -1; // This check is missing
return resolveLocal(compiler, depth + 1); // Uncontrolled recursion
}
<h2 style="color: blue;">Protection from this CVE:</h2>
<h2 style="color: blue;">No official patch; apply resource limits:</h2>
`ulimit -s unlimited` (increase stack) or `ulimit -S -v 500000` (limit memory).
<h2 style="color: blue;">Use sandboxing:</h2>
<h2 style="color: blue;">firejail –noprofile –rlimit-as=500000 wren exploit.wren`
Rewrite `resolveLocal` to be iterative or include depth checks.
Impact:
Local Denial of Service via application crash; exhausts stack memory; no confidentiality or integrity impact; affects interpreters embedding the vulnerable library .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

