7 matches found
OSV-2023-280 Heap-use-after-free in mrb_str_hash_m
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57672 Crash type: Heap-use-after-free READ 1 Crash state: mrb_str_hash_m mrb_vm_exec mrb_vm_run...
OSV-2023-151 UNKNOWN READ in mrb_vm_find_method
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56687 Crash type: UNKNOWN READ Crash state: mrb_vm_find_method mrb_vm_exec mrb_vm_run...
Use after free in mrb_vm_exec
While fuzzing mruby I found a use after free in mruby compiled with ASan. Proof of Concept uaf1.rb: var1 = -0 var2 = 1.0 var3 = 1 var4 = +0 var3 = methods.group_by || var3 = methods.group_by || var3 = methods.group_by || var3 = methods.group_by || var3 = methods.group_by || var3 = methods.group_by ||...
OSV-2021-1213 UNKNOWN WRITE in mrb_vm_exec
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38251 Crash type: UNKNOWN WRITE Crash state: mrb_vm_exec mrb_vm_run mrb_top_run...
OSV-2021-912 Heap-buffer-overflow in mrb_vm_exec
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35712 Crash type: Heap-buffer-overflow READ 4 Crash state: mrb_vm_exec mrb_vm_run mrb_top_run...
shopify-scripts: SIGSEGV - mrb_yield_with_class
Linux Ubuntu Xenial X64 commit 63dbed00946afda34178a479cfa38fa78d620a00 Author: Yukihiro "Matz" Matsumoto Date: Tue Mar 7 15:01:09 2017 +0900 PoC def a instance_exec return aensure end a output ----------------------------------registers----------------------------------- RAX: 0x7ffff7fec7d0 RBX:...
shopify-scripts: Heap Overflow in mrb_arb_splice
It's similar to 192235, but the root cause is different. Both mruby and mruby-engine are crashed by the following PoC. MRB_INT64 ruby ary = Array.new(1023) ary[0x7ffffffffffffc00,0] = Array.new(1024) $ gdb -q --args ./bin/mruby test2.rb Reading symbols from ./bin/mruby...done. (gdb) r Starting progra...