mruby is vulnerable to NULL Pointer Dereference
CVSS Score
6.2
EPSS Score
0.003
Published
2022-01-17
mruby is vulnerable to Heap-based Buffer Overflow
CVSS Score
8.2
EPSS Score
0.003
Published
2022-01-02
mruby is vulnerable to NULL Pointer Dereference
CVSS Score
6.8
EPSS Score
0.003
Published
2021-12-30
mruby is vulnerable to NULL Pointer Dereference
CVSS Score
9.1
EPSS Score
0.005
Published
2021-12-15
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
CVSS Score
9.8
EPSS Score
0.006
Published
2020-07-21
In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.015
Published
2018-04-18
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-04-17
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-06-11
Page 3