VYPR

Mruby

by Mruby

CVEs (43)

  • CVE-2018-11743 Cri Jun 5, 2018
    risk 0.00 cvss 9.8 epss 0.02

    The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.

  • CVE-2018-10199 Cri Apr 18, 2018
    risk 0.00 cvss 9.8 epss 0.02

    In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.

  • CVE-2018-10191 Cri Apr 17, 2018
    risk 0.00 cvss 9.8 epss 0.03

    In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute…
