Vulnerabilities (CVE)

Filtered by vendor Mruby Subscribe
Filtered by product Mruby
Total 33 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15866 2 Debian, Mruby 2 Debian Linux, Mruby 2022-05-12 7.5 HIGH 9.8 CRITICAL
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
CVE-2018-12249 2 Debian, Mruby 2 Debian Linux, Mruby 2022-05-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c.
CVE-2018-14337 2 Debian, Mruby 2 Debian Linux, Mruby 2022-05-12 5.0 MEDIUM 7.5 HIGH
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length.
CVE-2018-11743 2 Debian, Mruby 2 Debian Linux, Mruby 2022-05-12 7.5 HIGH 9.8 CRITICAL
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
CVE-2018-10191 2 Debian, Mruby 2 Debian Linux, Mruby 2022-05-12 7.5 HIGH 9.8 CRITICAL
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code.
CVE-2017-9527 2 Debian, Mruby 2 Debian Linux, Mruby 2022-05-12 6.8 MEDIUM 7.8 HIGH
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.
CVE-2022-1286 1 Mruby 1 Mruby 2022-04-18 7.5 HIGH 9.8 CRITICAL
heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
CVE-2022-1276 1 Mruby 1 Mruby 2022-04-15 7.5 HIGH 9.8 CRITICAL
Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
CVE-2022-1212 1 Mruby 1 Mruby 2022-04-12 7.5 HIGH 9.8 CRITICAL
Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
CVE-2022-1106 1 Mruby 1 Mruby 2022-03-31 6.4 MEDIUM 9.1 CRITICAL
use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
CVE-2022-1071 1 Mruby 1 Mruby 2022-03-31 6.8 MEDIUM 8.2 HIGH
User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
CVE-2022-0890 1 Mruby 1 Mruby 2022-03-17 7.1 HIGH 5.5 MEDIUM
NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.
CVE-2022-0717 1 Mruby 1 Mruby 2022-03-02 6.4 MEDIUM 9.1 CRITICAL
Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.
CVE-2022-0632 1 Mruby 1 Mruby 2022-02-28 4.3 MEDIUM 5.5 MEDIUM
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
CVE-2022-0630 1 Mruby 1 Mruby 2022-02-28 5.8 MEDIUM 7.1 HIGH
Out-of-bounds Read in Homebrew mruby prior to 3.2.
CVE-2022-0631 1 Mruby 1 Mruby 2022-02-25 7.5 HIGH 9.8 CRITICAL
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
CVE-2022-0623 1 Mruby 1 Mruby 2022-02-24 6.4 MEDIUM 9.1 CRITICAL
Out-of-bounds Read in Homebrew mruby prior to 3.2.
CVE-2022-0570 1 Mruby 1 Mruby 2022-02-22 7.5 HIGH 9.8 CRITICAL
Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.
CVE-2022-0525 1 Mruby 1 Mruby 2022-02-11 6.4 MEDIUM 9.1 CRITICAL
Out-of-bounds Read in Homebrew mruby prior to 3.2.
CVE-2022-0481 1 Mruby 1 Mruby 2022-02-10 7.8 HIGH 7.5 HIGH
NULL Pointer Dereference in Homebrew mruby prior to 3.2.