CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
References
Link Resource
https://github.com/mruby/mruby/issues/4062 Exploit Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mruby:mruby:1.4.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

12 May 2022, 20:12

Type Values Removed Values Added
References (MISC) https://github.com/mruby/mruby/issues/4062 - Exploit, Third Party Advisory (MISC) https://github.com/mruby/mruby/issues/4062 - Exploit, Issue Tracking, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html - Mailing List, Third Party Advisory
First Time Debian debian Linux
Debian
CPE cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

06 May 2022, 11:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00006.html -

Information

Published : 2018-07-17 03:29

Updated : 2023-12-10 12:44


NVD link : CVE-2018-14337

Mitre link : CVE-2018-14337

CVE.ORG link : CVE-2018-14337


JSON object : View

Products Affected

debian

  • debian_linux

mruby

  • mruby
CWE
CWE-190

Integer Overflow or Wraparound