Home > Vulnerability Database > CVE-2024-36760

Mend.io Vulnerability Database

CVE-2024-36760

Good to know:

Date: June 12, 2024

A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.. engine.. Engine$GT$::eval_stmt::h3f1d68ce37fc6e96). Due to the stack overflow is a recursive call/SRC/rhai/SRC/eval/STMT. Rs file eval_stmt_block function.

Language: RUST

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-36760

Url: https://github.com/rhaiscript/rhai/commit/308d07a11d3bff0d230f685a6320292181e5a445

Url: https://github.com/MageWeiG/VulnerabilityCollection/blob/main/CVE-2024-36760/info.md

Url: https://github.com/rhaiscript/rhai

Url: https://www.mend.io/vulnerability-database/CVE-2024-36760

Severity Score

7.5

Weakness Type (CWE)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-120

Uncontrolled Recursion

CWE-674

Top Fix

Upgrade Version

Upgrade to version rhai - 1.19.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-36760

Good to know:

Date: June 12, 2024

Language: RUST

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?