Search criteria
41 vulnerabilities by mruby
CVE-2025-13120 (GCVE-0-2025-13120)
Vulnerability from cvelistv5 – Published: 2025-11-13 15:32 – Updated: 2025-11-13 16:20
VLAI?
Summary
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
tjbecker (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T16:19:04.859653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T16:20:19.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mruby",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
},
{
"status": "affected",
"version": "3.3"
},
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "tjbecker (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in mruby up to 3.4.0 entdeckt. Betroffen hiervon ist die Funktion sort_cmp der Datei src/array.c. Durch das Manipulieren mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal durchgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Name des Patches ist eb398971bfb43c38db3e04528b68ac9a7ce509bc. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:32:07.825Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-332325 | mruby array.c sort_cmp use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.332325"
},
{
"name": "VDB-332325 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.332325"
},
{
"name": "Submit #683435 | mruby 3.4.0 Use After Free",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.683435"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mruby/mruby/issues/6649"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/makesoftwaresafe/mruby/pull/263"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mruby/mruby/issues/6649#issue-3534393003"
},
{
"tags": [
"patch"
],
"url": "https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-11-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-13T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-13T10:12:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "mruby array.c sort_cmp use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13120",
"datePublished": "2025-11-13T15:32:07.825Z",
"dateReserved": "2025-11-13T09:07:33.572Z",
"dateUpdated": "2025-11-13T16:20:19.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12875 (GCVE-0-2025-12875)
Vulnerability from cvelistv5 – Published: 2025-11-07 20:32 – Updated: 2025-11-13 14:14
VLAI?
Summary
A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
tjbecker (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12875",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T14:13:49.237460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:14:24.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mruby/mruby/issues/6650"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/mruby/mruby/issues/6650#issuecomment-3430851605"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mruby",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "tjbecker (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue."
},
{
"lang": "de",
"value": "In mruby 3.4.0 ist eine Schwachstelle entdeckt worden. Davon betroffen ist die Funktion ary_fill_exec der Datei mrbgems/mruby-array-ext/src/array.c. Mittels dem Manipulieren des Arguments start/length mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden. Der Patch heisst 93619f06dd378db6766666b30c08978311c7ec94. Es wird empfohlen, einen Patch anzuwenden, um dieses Problem zu beheben."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T20:32:07.100Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-331511 | mruby array.c ary_fill_exec out-of-bounds write",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.331511"
},
{
"name": "VDB-331511 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.331511"
},
{
"name": "Submit #680879 | mruby 3.4.0 Out-of-bounds Write",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.680879"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mruby/mruby/issues/6650"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mruby/mruby/issues/6650#event-20443453808"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mruby/mruby/issues/6650#issuecomment-3430851605"
},
{
"tags": [
"patch"
],
"url": "https://github.com/makesoftwaresafe/mruby/commit/93619f06dd378db6766666b30c08978311c7ec94"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-11-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-07T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-07T16:14:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "mruby array.c ary_fill_exec out-of-bounds write"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12875",
"datePublished": "2025-11-07T20:32:07.100Z",
"dateReserved": "2025-11-07T15:09:38.806Z",
"dateUpdated": "2025-11-13T14:14:24.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7207 (GCVE-0-2025-7207)
Vulnerability from cvelistv5 – Published: 2025-07-09 00:02 – Updated: 2025-07-09 13:08
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T13:08:07.309680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T13:08:10.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mruby/mruby/issues/6509"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"nregs Handler"
],
"product": "mruby",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.4.0-rc1"
},
{
"status": "affected",
"version": "3.4.0-rc2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in mruby bis 3.4.0-rc2 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion scope_new der Datei mrbgems/mruby-compiler/core/codegen.c der Komponente nregs Handler. Mittels Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 1fdd96104180cc0fb5d3cb086b05ab6458911bb9 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T00:02:07.237Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-315156 | mruby nregs codegen.c scope_new heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.315156"
},
{
"name": "VDB-315156 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.315156"
},
{
"name": "Submit #607683 | mruby mruby 3.4.0-rc2 (commit dd68681) Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.607683"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mruby/mruby/issues/6509"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mruby/mruby/issues/6509#event-17145516649"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/19619499/mruby_crash.txt"
},
{
"tags": [
"patch"
],
"url": "https://github.com/mruby/mruby/commit/1fdd96104180cc0fb5d3cb086b05ab6458911bb9"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-07T14:27:08.000Z",
"value": "VulDB entry last update"
}
],
"title": "mruby nregs codegen.c scope_new heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7207",
"datePublished": "2025-07-09T00:02:07.237Z",
"dateReserved": "2025-07-07T12:21:11.405Z",
"dateUpdated": "2025-07-09T13:08:10.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46023 (GCVE-0-2021-46023)
Vulnerability from cvelistv5 – Published: 2023-02-14 00:00 – Updated: 2025-03-20 20:44
VLAI?
Summary
An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mruby/mruby/issues/5613"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T20:44:04.342599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T20:44:22.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mruby/mruby/issues/5613"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46023",
"datePublished": "2023-02-14T00:00:00.000Z",
"dateReserved": "2022-01-03T00:00:00.000Z",
"dateUpdated": "2025-03-20T20:44:22.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1934 (GCVE-0-2022-1934)
Vulnerability from cvelistv5 – Published: 2022-05-31 02:20 – Updated: 2024-08-03 00:24
VLAI?
Summary
Use After Free in GitHub repository mruby/mruby prior to 3.2.
Severity ?
5.1 (Medium)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:42.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in GitHub repository mruby/mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-31T02:20:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce"
}
],
"source": {
"advisory": "99e6df06-b9f7-4c53-a722-6bb89fbfb51f",
"discovery": "EXTERNAL"
},
"title": "Use After Free in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1934",
"STATE": "PUBLIC",
"TITLE": "Use After Free in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use After Free in GitHub repository mruby/mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f"
},
{
"name": "https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce"
}
]
},
"source": {
"advisory": "99e6df06-b9f7-4c53-a722-6bb89fbfb51f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1934",
"datePublished": "2022-05-31T02:20:12",
"dateReserved": "2022-05-30T00:00:00",
"dateUpdated": "2024-08-03T00:24:42.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1427 (GCVE-0-2022-1427)
Vulnerability from cvelistv5 – Published: 2022-04-22 23:35 – Updated: 2024-08-03 00:03
VLAI?
Summary
Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.
Severity ?
7.7 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-22T23:35:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b"
}
],
"source": {
"advisory": "23b6f0a9-64f5-421e-a55f-b5b7a671f301",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in mrb_obj_is_kind_of in in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1427",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in mrb_obj_is_kind_of in in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301"
},
{
"name": "https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b"
}
]
},
"source": {
"advisory": "23b6f0a9-64f5-421e-a55f-b5b7a671f301",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1427",
"datePublished": "2022-04-22T23:35:09",
"dateReserved": "2022-04-21T00:00:00",
"dateUpdated": "2024-08-03T00:03:06.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1286 (GCVE-0-2022-1286)
Vulnerability from cvelistv5 – Published: 2022-04-10 10:40 – Updated: 2024-08-02 23:55
VLAI?
Summary
heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
Severity ?
5.9 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-10T10:40:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9"
}
],
"source": {
"advisory": "f918376e-b488-4113-963d-ffe8716e4189",
"discovery": "EXTERNAL"
},
"title": "heap-buffer-overflow in mrb_vm_exec in mruby/mruby in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1286",
"STATE": "PUBLIC",
"TITLE": "heap-buffer-overflow in mrb_vm_exec in mruby/mruby in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189"
},
{
"name": "https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9"
}
]
},
"source": {
"advisory": "f918376e-b488-4113-963d-ffe8716e4189",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1286",
"datePublished": "2022-04-10T10:40:09",
"dateReserved": "2022-04-09T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1276 (GCVE-0-2022-1276)
Vulnerability from cvelistv5 – Published: 2022-04-10 09:35 – Updated: 2024-08-02 23:55
VLAI?
Summary
Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
Severity ?
8.4 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-10T09:35:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6"
}
],
"source": {
"advisory": "6ea041d1-e2aa-472c-bf3e-da5fa8726c25",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in mrb_get_args in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1276",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in mrb_get_args in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25"
},
{
"name": "https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6"
}
]
},
"source": {
"advisory": "6ea041d1-e2aa-472c-bf3e-da5fa8726c25",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1276",
"datePublished": "2022-04-10T09:35:10",
"dateReserved": "2022-04-08T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1212 (GCVE-0-2022-1212)
Vulnerability from cvelistv5 – Published: 2022-04-05 03:45 – Updated: 2024-08-02 23:55
VLAI?
Summary
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
Severity ?
9.3 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-05T03:45:19",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6"
}
],
"source": {
"advisory": "9fcc06d0-08e4-49c8-afda-2cae40946abe",
"discovery": "EXTERNAL"
},
"title": "Use-After-Free in str_escape in mruby/mruby in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1212",
"STATE": "PUBLIC",
"TITLE": "Use-After-Free in str_escape in mruby/mruby in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe"
},
{
"name": "https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6"
}
]
},
"source": {
"advisory": "9fcc06d0-08e4-49c8-afda-2cae40946abe",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1212",
"datePublished": "2022-04-05T03:45:19",
"dateReserved": "2022-04-04T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1201 (GCVE-0-2022-1201)
Vulnerability from cvelistv5 – Published: 2022-04-02 07:45 – Updated: 2024-08-02 23:55
VLAI?
Summary
NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.
Severity ?
7.1 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-02T07:45:34",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"
}
],
"source": {
"advisory": "6f930add-c9d8-4870-ae56-d4bd8354703b",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1201",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mrb_vm_exec with super in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b"
},
{
"name": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae"
}
]
},
"source": {
"advisory": "6f930add-c9d8-4870-ae56-d4bd8354703b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1201",
"datePublished": "2022-04-02T07:45:34",
"dateReserved": "2022-04-01T00:00:00",
"dateUpdated": "2024-08-02T23:55:24.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1106 (GCVE-0-2022-1106)
Vulnerability from cvelistv5 – Published: 2022-03-27 14:05 – Updated: 2024-08-02 23:55
VLAI?
Summary
use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
Severity ?
7.2 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:23.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-27T14:05:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c"
}
],
"source": {
"advisory": "16b9d0ea-71ed-41bc-8a88-2deb4c20be8f",
"discovery": "EXTERNAL"
},
"title": "use after free in mrb_vm_exec in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1106",
"STATE": "PUBLIC",
"TITLE": "use after free in mrb_vm_exec in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f"
},
{
"name": "https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c"
}
]
},
"source": {
"advisory": "16b9d0ea-71ed-41bc-8a88-2deb4c20be8f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1106",
"datePublished": "2022-03-27T14:05:10",
"dateReserved": "2022-03-26T00:00:00",
"dateUpdated": "2024-08-02T23:55:23.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1071 (GCVE-0-2022-1071)
Vulnerability from cvelistv5 – Published: 2022-03-26 03:40 – Updated: 2024-08-02 23:47
VLAI?
Summary
User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
Severity ?
7.7 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.321Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-26T03:40:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f"
}
],
"source": {
"advisory": "6597ece9-07af-415b-809b-919ce0a17cf3",
"discovery": "EXTERNAL"
},
"title": "User after free in mrb_vm_exec in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1071",
"STATE": "PUBLIC",
"TITLE": "User after free in mrb_vm_exec in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3"
},
{
"name": "https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f"
}
]
},
"source": {
"advisory": "6597ece9-07af-415b-809b-919ce0a17cf3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1071",
"datePublished": "2022-03-26T03:40:10",
"dateReserved": "2022-03-25T00:00:00",
"dateUpdated": "2024-08-02T23:47:43.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0890 (GCVE-0-2022-0890)
Vulnerability from cvelistv5 – Published: 2022-03-10 01:10 – Updated: 2024-08-02 23:47
VLAI?
Summary
NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.
Severity ?
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-10T01:10:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa"
}
],
"source": {
"advisory": "68e09ec1-6cc7-48b8-981d-30f478c70276",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0890",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276"
},
{
"name": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa"
}
]
},
"source": {
"advisory": "68e09ec1-6cc7-48b8-981d-30f478c70276",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0890",
"datePublished": "2022-03-10T01:10:09",
"dateReserved": "2022-03-09T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0717 (GCVE-0-2022-0717)
Vulnerability from cvelistv5 – Published: 2022-02-23 02:05 – Updated: 2024-08-02 23:40
VLAI?
Summary
Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.
Severity ?
6.8 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-23T02:05:11",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76"
}
],
"source": {
"advisory": "27a851a5-7ebf-409b-854f-b2614771e8f9",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0717",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9"
},
{
"name": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76"
}
]
},
"source": {
"advisory": "27a851a5-7ebf-409b-854f-b2614771e8f9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0717",
"datePublished": "2022-02-23T02:05:11",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-02T23:40:03.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0632 (GCVE-0-2022-0632)
Vulnerability from cvelistv5 – Published: 2022-02-19 14:00 – Updated: 2024-08-02 23:32
VLAI?
Summary
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
Severity ?
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-19T14:00:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d"
}
],
"source": {
"advisory": "3e5bb8f6-30fd-4553-86dd-761e9459ce1b",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0632",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b"
},
{
"name": "https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d"
}
]
},
"source": {
"advisory": "3e5bb8f6-30fd-4553-86dd-761e9459ce1b",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0632",
"datePublished": "2022-02-19T14:00:12",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0630 (GCVE-0-2022-0630)
Vulnerability from cvelistv5 – Published: 2022-02-19 13:55 – Updated: 2024-08-02 23:32
VLAI?
Summary
Out-of-bounds Read in Homebrew mruby prior to 3.2.
Severity ?
7.1 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-19T13:55:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32"
}
],
"source": {
"advisory": "f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0630",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
},
{
"name": "https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32"
}
]
},
"source": {
"advisory": "f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0630",
"datePublished": "2022-02-19T13:55:09",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0631 (GCVE-0-2022-0631)
Vulnerability from cvelistv5 – Published: 2022-02-18 13:55 – Updated: 2024-08-02 23:32
VLAI?
Summary
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
Severity ?
5.9 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/47068ae07a5fa3aa9a1879cdfe98a9ce0f339299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-18T13:55:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/47068ae07a5fa3aa9a1879cdfe98a9ce0f339299"
}
],
"source": {
"advisory": "9bdc49ca-6697-4adc-a785-081e1961bf40",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0631",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40"
},
{
"name": "https://github.com/mruby/mruby/commit/47068ae07a5fa3aa9a1879cdfe98a9ce0f339299",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/47068ae07a5fa3aa9a1879cdfe98a9ce0f339299"
}
]
},
"source": {
"advisory": "9bdc49ca-6697-4adc-a785-081e1961bf40",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0631",
"datePublished": "2022-02-18T13:55:10",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0623 (GCVE-0-2022-0623)
Vulnerability from cvelistv5 – Published: 2022-02-17 06:30 – Updated: 2024-08-02 23:32
VLAI?
Summary
Out-of-bounds Read in Homebrew mruby prior to 3.2.
Severity ?
6.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T06:30:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580"
}
],
"source": {
"advisory": "5b908ac7-d8f1-4fcd-9355-85df565f7580",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0623",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
},
{
"name": "https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580"
}
]
},
"source": {
"advisory": "5b908ac7-d8f1-4fcd-9355-85df565f7580",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0623",
"datePublished": "2022-02-17T06:30:10",
"dateReserved": "2022-02-16T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0614 (GCVE-0-2022-0614)
Vulnerability from cvelistv5 – Published: 2022-02-16 09:40 – Updated: 2024-08-02 23:32
VLAI?
Summary
Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.
Severity ?
8.4 (High)
CWE
- CWE-823 - Use of Out-of-range Pointer Offset
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823 Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T09:40:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
}
],
"source": {
"advisory": "a980ce4d-c359-4425-92c4-e844c0055879",
"discovery": "EXTERNAL"
},
"title": "Use of Out-of-range Pointer Offset in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0614",
"STATE": "PUBLIC",
"TITLE": "Use of Out-of-range Pointer Offset in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-823 Use of Out-of-range Pointer Offset"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879"
},
{
"name": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad"
}
]
},
"source": {
"advisory": "a980ce4d-c359-4425-92c4-e844c0055879",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0614",
"datePublished": "2022-02-16T09:40:10",
"dateReserved": "2022-02-15T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0570 (GCVE-0-2022-0570)
Vulnerability from cvelistv5 – Published: 2022-02-13 04:50 – Updated: 2024-08-02 23:32
VLAI?
Summary
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
Severity ?
8.4 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based Buffer Overflow in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-13T04:50:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad"
}
],
"source": {
"advisory": "65a7632e-f95b-4836-b1a7-9cb95e5124f1",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0570",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1"
},
{
"name": "https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad"
}
]
},
"source": {
"advisory": "65a7632e-f95b-4836-b1a7-9cb95e5124f1",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0570",
"datePublished": "2022-02-13T04:50:10",
"dateReserved": "2022-02-12T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0525 (GCVE-0-2022-0525)
Vulnerability from cvelistv5 – Published: 2022-02-09 03:45 – Updated: 2024-08-02 23:32
VLAI?
Summary
Out-of-bounds Read in Homebrew mruby prior to 3.2.
Severity ?
8.4 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds Read in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T03:45:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7"
}
],
"source": {
"advisory": "e19e109f-acf0-4048-8ee8-1b10a870f1e9",
"discovery": "EXTERNAL"
},
"title": "Out-of-bounds Read in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0525",
"STATE": "PUBLIC",
"TITLE": "Out-of-bounds Read in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds Read in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9"
},
{
"name": "https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7"
}
]
},
"source": {
"advisory": "e19e109f-acf0-4048-8ee8-1b10a870f1e9",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0525",
"datePublished": "2022-02-09T03:45:10",
"dateReserved": "2022-02-08T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0481 (GCVE-0-2022-0481)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:33 – Updated: 2024-08-02 23:32
VLAI?
Summary
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
Severity ?
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:44.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:33:00",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e"
}
],
"source": {
"advisory": "54725c8c-87f4-41b6-878c-01d8e0ee7027",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0481",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027"
},
{
"name": "https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e"
}
]
},
"source": {
"advisory": "54725c8c-87f4-41b6-878c-01d8e0ee7027",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0481",
"datePublished": "2022-02-04T22:33:00",
"dateReserved": "2022-02-03T00:00:00",
"dateUpdated": "2024-08-02T23:32:44.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0326 (GCVE-0-2022-0326)
Vulnerability from cvelistv5 – Published: 2022-01-21 06:45 – Updated: 2024-08-02 23:25
VLAI?
Summary
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
Severity ?
5.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/795dcbd9-1695-44bb-8c59-ad327c97c976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL Pointer Dereference in Homebrew mruby prior to 3.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T06:45:12",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/795dcbd9-1695-44bb-8c59-ad327c97c976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e"
}
],
"source": {
"advisory": "795dcbd9-1695-44bb-8c59-ad327c97c976",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0326",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NULL Pointer Dereference in Homebrew mruby prior to 3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/795dcbd9-1695-44bb-8c59-ad327c97c976",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/795dcbd9-1695-44bb-8c59-ad327c97c976"
},
{
"name": "https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e"
}
]
},
"source": {
"advisory": "795dcbd9-1695-44bb-8c59-ad327c97c976",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0326",
"datePublished": "2022-01-21T06:45:12",
"dateReserved": "2022-01-21T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0240 (GCVE-0-2022-0240)
Vulnerability from cvelistv5 – Published: 2022-01-17 13:35 – Updated: 2024-08-02 23:18
VLAI?
Summary
mruby is vulnerable to NULL Pointer Dereference
Severity ?
6.2 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mruby is vulnerable to NULL Pointer Dereference"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-17T13:35:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca"
}
],
"source": {
"advisory": "5857eced-aad9-417d-864e-0bdf17226cbb",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0240",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.2"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mruby is vulnerable to NULL Pointer Dereference"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb"
},
{
"name": "https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca"
}
]
},
"source": {
"advisory": "5857eced-aad9-417d-864e-0bdf17226cbb",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0240",
"datePublished": "2022-01-17T13:35:10",
"dateReserved": "2022-01-16T00:00:00",
"dateUpdated": "2024-08-02T23:18:42.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-46020 (GCVE-0-2021-46020)
Vulnerability from cvelistv5 – Published: 2022-01-14 20:01 – Updated: 2024-08-04 04:54
VLAI?
Summary
An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/issues/5613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T20:01:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/issues/5613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-46020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mruby/mruby/issues/5613",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/issues/5613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46020",
"datePublished": "2022-01-14T20:01:27",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-08-04T04:54:31.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0080 (GCVE-0-2022-0080)
Vulnerability from cvelistv5 – Published: 2022-01-02 11:30 – Updated: 2025-05-22 15:01
VLAI?
Summary
mruby is vulnerable to Heap-based Buffer Overflow
Severity ?
8.2 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0080",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T14:44:56.451822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T15:01:54.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mruby is vulnerable to Heap-based Buffer Overflow"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-02T11:30:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6"
}
],
"source": {
"advisory": "59a70392-4864-4ce3-8e35-6ac2111d1e2e",
"discovery": "EXTERNAL"
},
"title": "Heap-based Buffer Overflow in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0080",
"STATE": "PUBLIC",
"TITLE": "Heap-based Buffer Overflow in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mruby is vulnerable to Heap-based Buffer Overflow"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122 Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e"
},
{
"name": "https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6"
}
]
},
"source": {
"advisory": "59a70392-4864-4ce3-8e35-6ac2111d1e2e",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0080",
"datePublished": "2022-01-02T11:30:09.000Z",
"dateReserved": "2022-01-01T00:00:00.000Z",
"dateUpdated": "2025-05-22T15:01:54.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4188 (GCVE-0-2021-4188)
Vulnerability from cvelistv5 – Published: 2021-12-30 06:55 – Updated: 2024-08-03 17:16
VLAI?
Summary
mruby is vulnerable to NULL Pointer Dereference
Severity ?
6.8 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mruby is vulnerable to NULL Pointer Dereference"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-30T06:55:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8"
}
],
"source": {
"advisory": "78533fb9-f3e0-47c2-86dc-d1f96d5bea28",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4188",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mruby is vulnerable to NULL Pointer Dereference"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28"
},
{
"name": "https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8"
}
]
},
"source": {
"advisory": "78533fb9-f3e0-47c2-86dc-d1f96d5bea28",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4188",
"datePublished": "2021-12-30T06:55:09",
"dateReserved": "2021-12-29T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4110 (GCVE-0-2021-4110)
Vulnerability from cvelistv5 – Published: 2021-12-15 04:40 – Updated: 2024-08-03 17:16
VLAI?
Summary
mruby is vulnerable to NULL Pointer Dereference
Severity ?
9.1 (Critical)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| mruby | mruby/mruby |
Affected:
unspecified , < 3.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.173Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mruby/mruby",
"vendor": "mruby",
"versions": [
{
"lessThan": "3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mruby is vulnerable to NULL Pointer Dereference"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T04:40:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34"
}
],
"source": {
"advisory": "4ce5dc47-2512-4c87-8609-453adc8cad20",
"discovery": "EXTERNAL"
},
"title": "NULL Pointer Dereference in mruby/mruby",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4110",
"STATE": "PUBLIC",
"TITLE": "NULL Pointer Dereference in mruby/mruby"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mruby/mruby",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.1"
}
]
}
}
]
},
"vendor_name": "mruby"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mruby is vulnerable to NULL Pointer Dereference"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20"
},
{
"name": "https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34"
}
]
},
"source": {
"advisory": "4ce5dc47-2512-4c87-8609-453adc8cad20",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4110",
"datePublished": "2021-12-15T04:40:10",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36401 (GCVE-0-2020-36401)
Vulnerability from cvelistv5 – Published: 2021-07-01 02:51 – Updated: 2024-08-04 17:23
VLAI?
Summary
mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:10.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-01T02:51:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-36401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801"
},
{
"name": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml",
"refsource": "MISC",
"url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-36401",
"datePublished": "2021-07-01T02:51:06",
"dateReserved": "2021-07-01T00:00:00",
"dateUpdated": "2024-08-04T17:23:10.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15866 (GCVE-0-2020-15866)
Vulnerability from cvelistv5 – Published: 2020-07-21 14:54 – Updated: 2024-08-04 13:30
VLAI?
Summary
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mruby/mruby/issues/5042"
},
{
"name": "[debian-lts-announce] 20220506 [SECURITY] [DLA 2996-1] mruby security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T10:06:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mruby/mruby/issues/5042"
},
{
"name": "[debian-lts-announce] 20220506 [SECURITY] [DLA 2996-1] mruby security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mruby/mruby/issues/5042",
"refsource": "MISC",
"url": "https://github.com/mruby/mruby/issues/5042"
},
{
"name": "[debian-lts-announce] 20220506 [SECURITY] [DLA 2996-1] mruby security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15866",
"datePublished": "2020-07-21T14:54:09",
"dateReserved": "2020-07-21T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}