ChaiScript Divide-By-Zero Vulnerability in Boxed_Number Function

Vulnerability

A divide-by-zero vulnerability has been identified in ChaiScript versions prior to 6.1.0. This issue occurs in the Boxed_Number::go function, located in the file include/chaiscript/dispatchkit/boxed_number.hpp. The vulnerability arises from unhandled integer division or modulo operations with a divisor of zero, leading to a floating-point exception. This issue requires local access to exploit.

Impact

Exploitation of this vulnerability causes a floating-point exception, which is a hardware-level error that crashes the process.

Reproduction

The vulnerability can be reproduced by building ChaiScript with release optimization and AddressSanitizer (ASan) enabled. After compiling the program, ChaiScript can be run with a script that uses the modulo operator with a divisor of zero, which will trigger the divide-by-zero error and cause the application to crash. The ASan report will confirm the floating-point exception error.
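The missing divisor check described above can be closed with a guard in front of every integer `/` and `%`. The following is an added example, not ChaiScript's own code or its actual fix; `IntOp`, `checked_int_op` and `eval_to_string` are hypothetical names. It goes slightly beyond the zero-divisor case on this page by also covering the signed `MIN / -1` case, which overflows and is equally undefined.

```cpp
#include <iostream>
#include <limits>
#include <stdexcept>
#include <string>
#include <type_traits>

// Hypothetical names for illustration; not part of ChaiScript.
enum class IntOp { quotient, remainder };

// Performs integer / or % only after rejecting operands that would trap.
template <typename T>
T checked_int_op(IntOp op, T lhs, T rhs) {
  static_assert(std::is_integral<T>::value, "integer types only");
  if (rhs == 0) {
    // Integer division by zero is undefined behaviour; on x86 it raises SIGFPE.
    throw std::domain_error("integer divide by zero");
  }
  if (std::is_signed<T>::value && lhs == std::numeric_limits<T>::min() &&
      rhs == static_cast<T>(-1)) {
    // MIN / -1 is not representable; the remainder is mathematically 0.
    if (op == IntOp::remainder) return 0;
    throw std::overflow_error("integer division overflow");
  }
  return op == IntOp::quotient ? lhs / rhs : lhs % rhs;
}

// Evaluates one operation the way an interpreter loop could: the bad
// operand becomes a reportable error instead of a crashed process.
std::string eval_to_string(IntOp op, int lhs, int rhs) {
  try {
    return std::to_string(checked_int_op(op, lhs, rhs));
  } catch (const std::exception &e) {
    return std::string("error: ") + e.what();
  }
}

int main() {
  // Constructed sample operands, including the modulo-by-zero case.
  std::cout << "1 % 0 -> " << eval_to_string(IntOp::remainder, 1, 0) << "\n";
  std::cout << "7 / 2 -> " << eval_to_string(IntOp::quotient, 7, 2) << "\n";
  return 0;
}
```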

Added: Mar 1, 2026, 7:19 AM
Updated: Mar 1, 2026, 7:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 3.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.