WickedEngine Out-of-Bounds Read Vulnerability in LUA Modules

Vulnerability

An out-of-bounds read vulnerability has been identified in the LUA modules of WickedEngine versions through 0.71.727. The issue is in the 'lparser.c' source file: the 'singlevar()' function was cloned from the Lua reference implementation together with a potential vulnerability that was not properly patched. This oversight can lead to incorrect code generation under certain conditions.

Impact

Exploitation of this vulnerability could result in an out-of-bounds read, that is, memory access beyond the intended limits, which could be used to read sensitive information or cause a crash.

Remediation

Users can update to the latest version of WickedEngine, where this vulnerability has been addressed, to mitigate this issue.

Added: Jan 27, 2026, 9:20 AM
Updated: Jan 27, 2026, 3:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 4.2
remediation: 0.0
relevance: 2.4
threat: 0.0
urgency: 5.7
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.