stack overflow in mrb_str_len_to_dbl in src/string.c

In mruby 2.1.0, there is a stack-based buffer overflow in mrbstrlentodbl in string.c...

heap use after free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c

In mruby 2.1.0, there is a use-after-free in hashslice in mrbgems/mruby-hash-ext/src/hash-ext.c...

mruby:mruby_fuzzer: Stack-buffer-overflow in mrb_str_len_to_dbl

Project: https://github.com/mruby/mruby.git Detailed Report: https://oss-fuzz.com/testcase?key=6269063261323264 Project: mruby Fuzzing Engine: libFuzzer Fuzz Target: mrubyfuzzer Job Type: libfuzzerasanmruby Platform Id: linux Crash Type: Stack-buffer-overflow WRITE 1 Crash Address: 0x7ffcba6b3046...

mruby:mruby_fuzzer: Crash in str_decref

Project: https://github.com/mruby/mruby.git Detailed Report: https://oss-fuzz.com/testcase?key=6321459584827392 Project: mruby Fuzzing Engine: libFuzzer Fuzz Target: mrubyfuzzer Job Type: libfuzzermsanmruby Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000002a86 Crash State:...

mruby:mruby_fuzzer: Crash in local_add_lv

Project: https://github.com/mruby/mruby.git Detailed Report: https://oss-fuzz.com/testcase?key=5695723449876480 Project: mruby Fuzzing Engine: libFuzzer Fuzz Target: mrubyfuzzer Job Type: libfuzzerasanmruby Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000003809 Crash State:...

mruby:mruby_fuzzer: Crash in yyparse

Project: https://github.com/mruby/mruby.git Detailed Report: https://oss-fuzz.com/testcase?key=5652710828802048 Project: mruby Fuzzing Engine: libFuzzer Fuzz Target: mrubyfuzzer Job Type: libfuzzerasanmruby Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0000000059c3 Crash State:...

mruby/mruby_fuzzer: Use-of-uninitialized-value in ht_copy

Project: https://github.com/mruby/mruby.git Detailed report: https://oss-fuzz.com/testcase?key=5098398899765248 Project: mruby Fuzzer: libFuzzermrubyfuzzer Fuzz target binary: mrubyfuzzer Job Type: libfuzzermsanmruby Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...

mruby/mruby_fuzzer: Use-of-uninitialized-value in time_update_datetime

Project: https://github.com/mruby/mruby.git Detailed report: https://oss-fuzz.com/testcase?key=5642873585795072 Project: mruby Fuzzer: libFuzzermrubyfuzzer Fuzz target binary: mrubyfuzzer Job Type: libfuzzermsanmruby Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...

shopify-scripts: Buffer overflow in yywarning_s

PoC === The following demonstrates a crash: 300000000000000000000000000000000000000000000000E0030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Debug...

shopify-scripts: Crash in mrb_ary_push

PoC === The following demonstrates a crash: def methodmissing end .00 %= begin0=0 00end Debug info ========== The crash happens in mrbarypush: 495│ mrbarypushmrbstate mrb, mrbvalue ary, mrbvalue elem 496│ 497│ struct RArray a = mrbaryptrary; 498├─ mrbint len = ARYLENa; gdb p a $1 = struct RArray...

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

UBUNTU-CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

Integer overflow

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

DEBIAN-CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrbstrresize function in string.c does not check for a negative length...

CVE-2018-14337

The CVE-2018-14337 issue affects mruby 1.4.1 where the CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c can overflow a signed integer, potentially causing out-of-bounds memory access because mrb_str_resize does not check for a negative length. This is documented across multiple connected source...

mruby number error vulnerability

mruby is a lightweight implementation of the Ruby language. A numeric error vulnerability exists in mruby. An attacker can exploit this vulnerability to access memory across boundaries...