CPE Details
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:mruby:mruby:1.4.1:*:*:*:*:ruby:*:*
Informations
Vendor
mrubyProduct
mrubyVersion
1.4.1Target Software
rubyRelated CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue. | 4.8 |
Moyen |
||
| An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash. | 7.5 |
Haute |
||
| Use After Free in GitHub repository mruby/mruby prior to 3.2. | 7.8 |
Haute |
||
| Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited. | 7.8 |
Haute |
||
| heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 |
Critique |
||
| Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 |
Critique |
||
| Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 |
Critique |
||
| NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system. | 6.5 |
Moyen |
||
| use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. | 9.1 |
Critique |
||
| User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. | 8.2 |
Haute |
||
| NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. | 5.5 |
Moyen |
||
| Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. | 9.1 |
Critique |
||
| NULL Pointer Dereference in Homebrew mruby prior to 3.2. | 5.5 |
Moyen |
||
| Out-of-bounds Read in Homebrew mruby prior to 3.2. | 7.1 |
Haute |
||
| Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | 9.8 |
Critique |
||
| Out-of-bounds Read in Homebrew mruby prior to 3.2. | 9.1 |
Critique |
||
| Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. | 5.5 |
Moyen |
||
| Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | 9.8 |
Critique |
||
| Out-of-bounds Read in Homebrew mruby prior to 3.2. | 9.1 |
Critique |
||
| NULL Pointer Dereference in Homebrew mruby prior to 3.2. | 7.5 |
Haute |
||
| NULL Pointer Dereference in Homebrew mruby prior to 3.2. | 5.5 |
Moyen |
||
| mruby is vulnerable to NULL Pointer Dereference | 7.5 |
Haute |
||
| mruby is vulnerable to Heap-based Buffer Overflow | 9.8 |
Critique |
||
| mruby is vulnerable to NULL Pointer Dereference | 7.5 |
Haute |
||
| mruby is vulnerable to NULL Pointer Dereference | 7.5 |
Haute |
||
| mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function. | 9.8 |
Critique |
||
| The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. | 7.5 |
Haute |
||
| An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FROZEN flag (e.g., the embedded flag). | 7.5 |
Haute |
||
| An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber. | 7.5 |
Haute |
||
| An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c. | 7.5 |
Haute |
||
| The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact. | 9.8 |
Critique |
