CVE-2024-36760: Rhai stack overflow vulenrability

June 13, 2024 (updated July 5, 2024)

A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.. engine.. Engine$GT$::eval_stmt::h3f1d68ce37fc6e96). Due to the stack overflow is a recursive call/SRC/rhai/SRC/eval/STMT. Rs file eval_stmt_block function.

References

github.com/MageWeiG/VulnerabilityCollection/blob/main/CVE-2024-36760/info.md
github.com/advisories/GHSA-67fv-9r7g-432h
github.com/rhaiscript/rhai
github.com/rhaiscript/rhai/commit/308d07a11d3bff0d230f685a6320292181e5a445
nvd.nist.gov/vuln/detail/CVE-2024-36760

Detect and mitigate CVE-2024-36760 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →