Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (VulnCheck) · only source for this CVE.
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in gravity_fiber_reassign() to corrupt heap metadata and achieve arbitrary code execution in applications that evaluate untrusted scripts.
AnalysisAI
Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications evaluate untrusted scripts containing many string literals at global scope. The vulnerability stems from insufficient bounds checking in gravity_fiber_reassign(), allowing heap metadata corruption. VulnCheck disclosed this issue with a vendor-released patch (commit 18b9195) available. CVSS 9.3 reflects the critical network-accessible, unauthenticated attack vector. No active exploitation (CISA KEV) or public POC identified at time of analysis, but technical details in GitHub issue #437 could facilitate exploit development.
Technical ContextAI
Gravity is an embeddable scripting language (CPE: cpe:2.3:a:marcobambini:gravity) designed for integration into applications requiring dynamic script execution. The vulnerability (CWE-122: Heap-based Buffer Overflow) occurs in the gravity_vm_exec function during virtual machine execution. When processing scripts with numerous string literals at global scope, the gravity_fiber_reassign() function fails to perform adequate bounds checking during fiber memory reassignment operations. This allows attackers to write beyond allocated heap buffer boundaries, corrupting adjacent heap metadata structures. Heap corruption primitives can be leveraged to redirect control flow and achieve arbitrary code execution within the host application's security context. Applications embedding Gravity to parse user-supplied scripts (plugins, configuration files, web request handlers) inherit this risk.
RemediationAI
Vendor-released patch: Upgrade Gravity to version 0.9.6 or apply commit 18b9195598d9b944376754c6d1ad76e38a4adca1 from https://github.com/marcobambini/gravity/commit/18b9195598d9b944376754c6d1ad76e38a4adca1. Release notes at https://github.com/marcobambini/gravity/releases/tag/0.9.6 confirm fixes for heap buffer overflow. If immediate upgrade is not feasible, implement strict input validation to reject scripts with excessive string literals at global scope (detection threshold requires testing, may break legitimate use cases). Deploy Gravity VM in isolated sandboxes with restricted privileges (containers, separate processes with minimal capabilities) to limit post-exploitation impact, though this does not prevent initial code execution. Disable untrusted script evaluation features entirely if not business-critical. Monitor runtime for abnormal heap allocations or crashes in gravity_vm_exec as potential exploitation indicators. All compensating controls are partial mitigations; patching is the only complete remediation.
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary c
Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. Rated critical severity (CVSS 9.8), this vulnerabi
Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. Rated critical severity (CVSS 9.8), this vulnerabi
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity
Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modificati
An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio
An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio
Gravity before 0.5.1 does not support a maximum recursion depth. Rated high severity (CVSS 7.5), this vulnerability is r
An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat
An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat
An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23145
GHSA-3r49-76f3-pf2m