mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | mruby | < 2.1.2-r0 | UNKNOWN |
Alpine | 3.13-community | noarch | mruby | < 2.1.2-r0 | UNKNOWN |
Alpine | 3.14-community | noarch | mruby | < 2.1.2-r0 | UNKNOWN |
Alpine | 3.15-community | noarch | mruby | < 2.1.2-r0 | UNKNOWN |
Alpine | 3.16-community | noarch | mruby | < 2.1.2-r0 | UNKNOWN |
Alpine | 3.17-community | noarch | mruby | < 2.1.2-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | mruby | < 2.1.2-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | mruby | < 2.1.2-r0 | UNKNOWN |