An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-06-12
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-06-05
Page 4